HOW IMPORTANT IS YOUR DATA?

Years of family photos. Your entire music and movie collection. Office documents you've put hours of work into. Backups for every computer you own. We ask again, how important is your data?

NOW IMAGINE LOSING IT ALL

Losing one bit - that’s all it takes. One single bit, and your file is gone.

The worst part? You won't know until you absolutely need that file again.

[Figure: Example of one-bit corruption]

THE SOLUTION

The FreeNAS Mini has emerged as the clear choice to save your digital life. No other NAS in its class offers ECC (error correcting code) memory and ZFS bitrot protection to ensure data always reaches disk without corruption and never degrades over time.

No other NAS combines the inherent data integrity and security of the ZFS filesystem with fast on-disk encryption. No other NAS provides comparable power and flexibility. The FreeNAS Mini is, hands-down, the best home and small office storage appliance you can buy on the market. When it comes to saving your important data, there simply is no other solution.

The Mini boasts these state-of-the-art features:

» Up to 16TB of storage capacity
» ECC memory (upgradable to 32GB)
» 2x 1 Gigabit network controllers
» IPMI
» Tool-less design; hot swappable drive trays
» FreeNAS installed and configured
CERTIFIED STORAGE

With over six million downloads, FreeNAS is undisputedly the most popular storage operating system in the world.

Sure, you could build your own FreeNAS system: research every hardware option, order all the parts, wait for everything to ship and arrive, vent at customer service because it hasn't, and finally build it yourself while hoping everything fits - only to install the software and discover that the system you spent days agonizing over isn’t even compatible. Or...

MAKE IT EASY ON YOURSELF

As the sponsors and lead developers of the FreeNAS project, iXsystems has combined over 20 years of hardware experience with our FreeNAS expertise to bring you FreeNAS Certified Storage. We make it easy to enjoy all the benefits of FreeNAS without the headache of building, setting up, configuring, and supporting it yourself. As one of the leaders in the storage industry, you know that you're getting the best combination of hardware designed for optimal performance with FreeNAS.

Every FreeNAS server we ship is...

» Custom built and optimized for your use case
» Installed, configured, tested, and guaranteed to work out of the box
» Supported by the Silicon Valley team that designed and built it
» Backed by a 3 years parts and labor limited warranty

http://www.iXsystems.com/storage/freenas-certified-storage/

Contact us today for a FREE Risk Elimination Consultation with one of our FreeNAS experts. Remember, every purchase directly supports the FreeNAS project so we can continue adding features and improvements to the software for years to come. And really - why would you buy a FreeNAS server from anyone else?

FreeNAS 1U

» Intel® Xeon® Processor E3-1200v2 Family
» Up to 16TB of storage capacity
» 16GB ECC memory (upgradable to 32GB)
» 2x 10/100/1000 Gigabit Ethernet controllers
» Redundant power supply

FreeNAS 2U

» 2x Intel® Xeon® Processors E5-2600v2 Family
» Up to 48TB of storage capacity
» 32GB ECC memory (upgradable to 128GB)
» 4x 1GbE Network interface (Onboard) - (Upgradable to 2 x 10 Gigabit Interface)
» Redundant Power Supply
EDITORS’ WORD

Dear Readers,

I’m proud to deliver a new issue of BSD Magazine to you. This time we are focused on Cloud computing. I hope that my words find you well and in a happy mood, as this is such an enjoyable topic. We hope you will read all the articles and we welcome any comments you may have.

We have collected the articles written by experts in their field to provide you with highest-quality knowledge. Enjoy your reading and develop your new skills with our magazine!

If you want to find out more about Attorney Confidentiality in Cloud Computing, check out the article provided by Benjamin Wright. Benjamin is an attorney in private practice (benjaminwright.us). He teaches Data Security and Investigations Law at the SANS Institute.

Also, we recommend that you read two short columns by Dan Srebnick about Cloud Security: The Cloud is as Secure as You Make It and The Cloud Itself is Not the Risk. We hope you will enjoy them and let us know what you think about such short columns.

For my side, I would like to recommend that you read Cloud Service from a Developer Point of View by David Carlier. He is an experienced developer, is used to handling languages like C/C++, Java, Python, PHP, with Linux, *BSD and Win32 Operating Systems and has worked inside startups as well as bigger companies. He is a big fan of FreeBSD and C/C++ are his preferred programming languages most of the time.

Of course, please do not forget to read Mark VonFange’s article: “FreeNAS: A Worst Practices Guide”, and the amazing interview with Brian Callahan from the Devio.us team! They try to create a tight-knit IT related community that’s made up of geeks, developers, IT professionals and enthusiasts.

And for dessert, please go to see what Rob wrote for you this time. We really like his column and we are eagerly waiting to see what he will write next month.

As long as we have our precious readers, we have a purpose. We owe you a huge THANK YOU. We are grateful for every comment and opinion, either positive or negative. Every word from you lets us improve BSD magazine and brings us closer to the ideal shape of our publication.

Thank you.
Marta & BSD Team
Rack-mount networking server
Designed for BSD and Linux Systems

Up to 5.5Gbit/s routing power!

Designed. Certified. Supported

6 NICs w/ Intel igb(4) driver w/ bypass
Hand-picked server chipsets
Netmap Ready (FreeBSD & pfSense)
Up to 14 Gigabit expansion ports
Up to 4x10GbE SFP+ expansion

BGP & OSPF routing
Firewall & UTM Security Appliances
Intrusion Detection & WAF
CDN & Web Cache / Proxy
E-mail Server & SMTP Filtering

contactus@serveru.us | www.serveru.us
8001 NW 64th St. Miami, FL 33166 | +1 (305) 421-9956
News

BSD World Monthly News
Marta Ziemianowicz

This column presents the latest news coverage of breaking news events, product releases, and trending topics of the BSD news stories.


The FreeBSD Corner

BSD in the CLOUDS
Olaoluwa Omokanwaiye

This “Cloud Technology movement” in the computing world is already robust. Cloud vendors are experiencing growth rates of 50% per annum, as more users are demanding cloud services. The following statements are, or soon will be, true:

1. The next billion dollar business is in the cloud.
2. More companies are firing up BSD in their data center and clouds.
3. BSD-savvy professionals are in high demand.


Expert Says...

Attorney Confidentiality in Cloud Computing
Benjamin Wright

Are attorney records stored in the cloud accorded confidentiality by law? Five recent developments raise questions about the confidentiality of digital records belonging to lawyers. Anyone who, by legal authority, seeks to access or impede data in this center is advised that through the use of skill and diligence, his or her lawful mission can be accomplished without infringing on the rights of bystanders, such as non-involved customers and individuals.

FreeNAS: A Worst Practices Guide
Mark VonFange

There are many best practices guides for managing storage solutions out there, but a lot of how you administer your storage depends on your specific use case and what you’re trying to accomplish. While we have created a best practices for FreeNAS, we also decided to take a look at what you don't want to do.


Security

The Cloud is as Secure as You Make It
Dan Srebnick

Every company claims its cloud is secure; however, is it true? How are they secure?

The Cloud Itself Is Not the Risk...
Dan Srebnick

To take a risk management approach to the cloud, start with the classification of the data. It is a fallacy to assume that just because an asset does not sit in your data center that it is less secure than an asset in someone else's.


Clouds Integration

Patterns For Cloud Integration
Mohamed Farag

Recent statistics show that 90% of businesses have adopted at least one cloud application. 56% of enterprises are still identifying IT operations that are candidates for cloud hosting [1]. However, a recent survey, that was conducted by IDG Enterprise across 1600 IT decision makers, reflects that 46% of survey participants consider cloud integration as one of the major disconnects that hold organizations from going to the cloud.


Tips&Tricks

Cloud Service in a Developer Point of View
David Carlier

In this article, we will have an overview of writing a cloud service. There exist various ways to achieve your goals; we will focus on one which is memory efficient, multiplatform (POSIX systems), multi-language (from C++ to Erlang), and reasonably fast. It is Apache Thrift. I recently, from top to bottom, wrote a cloud service and it worked reliably.


Unix

Getting Started with Go on FreeBSD
BRIAN DOWNS

Two of my favorite things are the FreeBSD operating system and the Go programming language. The two are similar inasmuch as they're uniquely equipped to solve difficult problems in different ways from others in their respective categories. FreeBSD and Go together yield a powerful combination for productivity and fun.


Interview

Interview with Brian Callahan from Devio.us
Marta Ziemianowicz and Marta Strzelec


Column

Among certain sections of the marketing, editorial and certainly advertising communities, the use of Ad blockers is considered immoral, and in some cases users have been accused indirectly of theft. Are these users leeches or just more savvy netizens?

Rob Somerville
DesktopBSD is releasing DesktopBSD 2.0 roadmap!

DesktopBSD is an open source operating system that aims to be a stable and powerful operating system for desktop users. Combining the stability of FreeBSD, the usability and functionality of KDE, and the simplicity of specially developed software to provide a system that’s easy to use and install, in a project with two primary goals — security and usability.

Why DesktopBSD?

• Works out of the box, with full multimedia support and extremely easy to use.
• An operating system that respects your privacy, free of cost and open source for life.
• Users are encouraged to send feedback, their ideas will be heard.
• Provides a large software content ready to be installed from the Software manager.
• Modern, elegant and comfortable operating system which is both powerful and easy.

http://www.desktopbsd.net


KLEVV Urbane SSDs Released

KLEVV has entered the Solid State Drive market by releasing their first line of Urbane SSDs. Coming in three different storage capacities, 240GB, 480GB and 960GB, these 2.5-inch SSDs are equipped with an aluminum metal body, Toshiba 15nm MLC NAND Flash memory chips, a SATA 6.0 Gbps interface and a quad-core, 8-channel PHISON PS3110-S10 controller.

Designed for the fast life, the Urbane SSDs promise to deliver read/write speeds of up to 560/390 MB/s (240GB model) and 560/530 MB/s (480GB & 960GB models), respectively. In addition, users can also easily enjoy the service of KLEVV SSD Toolbox and Acronis True Image HD 2015 at the KLEVV Data Migration Software Center.

About the company

Established in 2014 with only 12 employees, Essencore started with one goal: to be the “Champion in Semiconductor distribution & Memory products.” They have expanded the business domain worldwide and become an unprecedented Memory actor in the market.

The business strategies are to adopt the newest technologies to differentiate ourselves in front of customers from competitors, deliver dedicated memory products avoiding supply management issues, and offer various product portfolios for customer’s competition readiness.

The company’s core strengths are well-organized business structures, comprehensive product development and top-level human resources from the world’s best Memory IDMs.

http://www.techfresh.net/klevv-urbane-ssds-released/


10/2015 





NextBSD recent updates

NextBSD is a code name for our “science project”, a name which is more tongue-in-cheek than serious. It started as an effort to adapt some of the more interesting Open Source technologies from Darwin/OS X to FreeBSD.

These technologies have collectively provided a higher level programming substrate for developers in OS X and iOS for many years now, replacing what have all too often been little more than semi-evolved shell scripts or bespoke solutions with limited architectural goals in other Unix variants.

NextBSD is also an effort to demonstrate that we need not be limited to simply one true FreeBSD. FreeBSD.org can and will continue to provide a conservative minimalist base for the development of advanced distributions like this one. Such distributions can make substantial additions to the basic core or reach different architectural decisions about which technologies to bundle in the core at all. And you may think of it as a “research laboratory” for such efforts, if that analogy helps.

In addition to the technologies that have received so much recent attention, we have also included VM optimizations from other vendors, as well as refinements to the network driver model. We are also eagerly seeking out other technologies that we believe merit inclusion, from new security technologies to fundamentally different approaches to packaging and distributing OS and appliance software.

• The basic ecosystem of launchd, notifyd, asld, and libdispatch work.
• These can be installed by cloning the NextBSD repo from github, building GENERIC or MACHTEST kernels, installing a new world on an existing 10.x or CURRENT system, and then following the instructions in the README.
• Launchd will start the initial jobs that are part of the repo now.

Google OnHub Router runs ChromiumOS (Chrome OS)

This is the same Linux-based operating system that powers Google Chromebook laptops and desktops.

OnHub is a modern dual-band wireless router, designed by Google and TP-Link, that operates networks on both the 2.4GHz & 5GHz frequency bands simultaneously and offers speed of up to 1900 Mbps.

Unlike traditional Broadband Routers, Google OnHub is designed to support “The Internet of Things” as well as other Smart devices, including Smartphones, Connected TVs and Computers.

A Team of Modders at Exploitee.rs, also famous as GTVHacker, have successfully managed to root a Google OnHub device in the same way they would with a Chromebook.

...And as an outcome of their reverse engineering on eMMC and the SPI flash dumps, the team discovered that the OnHub Router runs something very similar to Google Chrome OS.

http://thehackernews.com/2015/10/root-google-onhub-chromeos.html
What’s new in iOS

iOS 9 is Apple’s newest operating system for iOS devices like the iPhone and the iPad, released to the public on September 16, 2015. iOS 9 builds on the content introduced with iOS 7 and iOS 8, bringing subtle design changes, refined features, improved functionality, and performance enhancements.

iOS 9's biggest focus is on intelligence and proactivity, allowing iOS devices to learn user habits and act on that information, opening up apps before we need them, making recommendations on places we might like, and guiding us through our daily lives to make sure we're where we need to be at the right time.

Siri is at the heart of the changes, and the personal assistant is now able to create contextual reminders and search through photos and videos in new ways. Swiping left from the home screen also brings up a new screen that houses “Siri Suggestions,” putting favorite contacts and apps right at your fingertips, along with nearby restaurant and location information and important news.

The iPad’s gotten some major feature additions in iOS 9, like split-screen multitasking that lets two apps be used at once and a picture-in-picture function that lets you watch a video while doing something else on the tablet. The keyboard on the iPad has deeper functionality with the addition of a new toolbar, and on both the iPhone and the iPad, there’s a new two-finger swipe gesture that makes it easier to select content, cut, paste, and move the cursor on the screen.

Other changes include a new systemwide San Francisco font, wireless CarPlay support, an optional iCloud Drive app, built-in two factor authentication and optional longer passwords for better security.

Along with these features, iOS 9 features significant under-the-hood performance improvements. Battery optimizations provide an additional hour of battery use under typical conditions, and a new Low Power Mode further extends battery life up to three hours.

The current version of iOS 9 is iOS 9.0.2, which was released on September 30. iOS 9.0.2, like iOS 9.0.1, is a minor update that fixes several bugs. It fixes an issue that prevented app cellular data usage from being toggled on or off, resolves an issue that prevented iMessage activation, fixes an issue where an iCloud backup could be interrupted after starting a manual backup, and fixes a bug that could cause the screen to rotate incorrectly when receiving notifications. It also includes stability improvements for the Podcasts app.

Prior to iOS 9.0.2, Apple released iOS 9.0.1 on September 23. A minor update, iOS 9.0.1 introduced fixes for several bugs, including a glitch with the “Slide to Upgrade” screen that was preventing people from upgrading their devices from iOS 8 to iOS 9.

Apple is also testing the first major update to iOS 9, iOS 9.1. iOS 9.1 introduces features for upcoming products like the Apple TV, and it includes new emoji like unicorn head, cheese wedge, taco, middle finger, burrito, popcorn, and more. Thus far, Apple has seeded five betas of iOS 9 to developers and public beta testers.

http://www.apple.com/ios/whats-new/
http://www.macrumors.com/roundup/ios-9/
BBC bypasses Linux kernel to make streaming videos flow

It's no surprise, then, to learn of other high-performance efforts addressing the same issue: both the BBC in its video streaming farms; and CloudFlare, which needs to deal with frequent packet flood attacks.

High-definition video streams have to push out 340,000 packets per second into 4 Gbps ultra-high definition streams. With just 3 µs per packet of processing time, using the kernel stack simply wasn't an option.

Using the network sockets API, the post explains, involves a lot of handling of the packet, as “each data packet passes through several layers of software inside the operating system, as the packet's route on the network is determined and the network headers are generated. Along the way, the data is copied from the application’s buffers to the socket buffer, and then from the socket buffer to the device driver’s buffers.”

The boffins started by getting out of the kernel and into userspace, which let them write what they call a “zero-copy kernel bypass interface, where the application and the network hardware device driver share a common set of memory buffers”.

When the application creates a group of packets and their network headers, it does so directly in those shared buffers.

“Then using a single function call, the whole group is handed over to the control of the device driver which transmits them directly on to the network”.

CloudFlare’s approach is similar — a userspace kernel bypass — but with wrinkles specific to its circumstances.

CloudFlare’s problem is not just the quantity of packets, but the need to distinguish attack packets from user data. Regular readers of The Register will already know that the provider suffers regular attacks.

[Figure: network stack diagram showing the TCP/UDP layer, the Network Interface Controller hardware, and packets sent on the network]

http://www.theregister.co.uk/2015/10/12/linux_networking_api_showing_its_age/


IBM Research Alliance’s 7nm Node Chips

The secret to packing a whopping 20 billion transistors onto a fingernail-sized chip involves a combination of Silicon Germanium (SiGe) channel transistors and Extreme Ultraviolet (EUV) lithography integration. This formula, championed by an alliance led by IBM Research, is billed as the semiconductor industry's first 7nm node chip with functioning transistors. Today, microprocessors leverage 22nm and 14nm technologies, and 10nm is on its way to maturity. The new 7nm technology in the IBM consortium’s test chips is considered critical to meeting the anticipated demands of future cloud computing and Big Data systems, cognitive computing, mobile products and other emerging technologies. Other partners in the public-private consortium include GLOBALFOUNDRIES, Samsung and the SUNY Polytechnic Institute’s Colleges of Nanoscale Science and Engineering.
NVIDIA OpenACC Toolkit

It is not that computing cores aren't getting faster. Instead, processors are getting more parallel, which is a trend that is likely to continue. To harness advances in parallel computing, NVIDIA and its partners developed the OpenACC standard, which NVIDIA says “simplifies parallel programming for modern processors, like GPUs”. In order to simplify access to OpenACC for researchers, NVIDIA has released the new NVIDIA OpenACC Toolkit, a free, all-in-one suite of OpenACC parallel programming tools. NVIDIA claims that scientists can do “more science, less programming” from the solution, which features “the industry-leading” PGI Accelerator Fortran/C Workstation Compiler Suite for Linux. The compiler is free to academic developers and researchers. The toolkit also includes the NVProf Profiler, which gives guidance on where to add OpenACC “directives”—that is, simple compiler hints to accelerate code, as well as simple, real-world code samples.
The Qt Company's Qt

The motto for the Qt Company is simple: “Code less. Create more. Deploy everywhere.” It’s a sensible leitmotif given that the company made the new Qt 5.5, the upgraded C++-based framework of libraries and tools for developing powerful, interactive and cross-platform applications and devices. Qt’s support for multiple desktop, embedded and mobile operating systems allows developers to save significant time on application and device development simply by reusing one code. The most notable innovations in Qt 5.5 are the following: full Bluetooth Low Energy for Internet of Things deployments, a pre-built version of Qt for RHEL 6.6 and preliminary support for upcoming Windows 10 (full subsequent support to follow with a patch release). Other new features include extended support for multimedia and graphics creation with 3D capabilities, as well as new multi-screen and IoT development features that strengthen overall performance across applications and devices.

http://www.linuxjournal.com/slideshow/new-products-8
Download syslog-ng Premium Edition product evaluation here

Attend to a free logging tech webinar here

syslog-ng log server

The world's first High-Speed Reliable Logging™ technology

HIGH-SPEED RELIABLE LOGGING

• above 500 000 messages per second
• zero message loss due to the Reliable Log Transfer Protocol™
• trusted log transfer and storage
HOW TO BUILD A PENTEST LAB
PAUL JANES

Enroll in the BUILD YOUR OWN PENTEST LAB online course and learn how to create your own pentest lab.

This course covers various virtualization software and penetration testing tools like Kali Linux, Nessus, Metasploit, Metasploitable, Nmap, and others.

Through practical hands-on labs, you will be able to not only identify systems but also identify their vulnerabilities.
All in pure practice.
In case of any questions please contact: joanna.kretowicz@eforensicsmag.com

Course Plan:

Pre-Course Material

• Why Do I Need a Pen Test Lab
• Definitions
• Creating Directory Structure For the Course
• Download Virtual Images
• Acquire Nessus Licenses

Module 1 The Build

• Definitions
• Some Basic Linux Commands You Need to Know

Software

• Installation of VMPlayer and Virtual Box. You Decide, We Will Cover Both.
• Setup of Our Penetration Testing System — Kali Linux Distribution
• Setup a Linux Client as a Virtual Machine
• Setup Our First Vulnerable Machine Metasploitable2
• Setup Our Second Vulnerable Machine Bee-box (BWAMP)

Exercises

• Overview of Virtual Machine Settings
• Run the Basic Linux commands
• Upgrade Kali Linux Distribution

Module 2 Port Scanning

• Nmap and Zenmap Installation
• Nmap Basic Scanning
• ZenMap Basic Scanning
• Metasploitable Dnmap Scanning

Exercises

• Run Nmap Scans against Ubuntu
• Run Zenmap Scans Against Metasploitable2
• Run Dnmap Scans Against Host

Module 3 Vulnerability Scans

• Installation and Licensing of Nessus Vulnerability Scanner
• Installation of Netsparker Web Vulnerability Scanner
• Basic Nessus Scanning
• Basic Netsparker Scanning
• Intermediate Nmap Scans

Exercises

• Run a Nessus Scan Against Metasploitable2
• Run a Netsparker Scans Against Bee-Box (BWAMP)
• Run a Nessus Scan Against Ubuntu

Module 4 Advanced Scanning and Reporting

• Nessus Advanced Scans
• Netsparker Advanced Scans
• Nmap Advanced Scans
• Metasploit Reporting
• Review Other Resources Available to You...
• Where Do I Get Virtual Machines

Exercises

• Create a Metasploit Report Combining Nessus and Dnmap Scans
• Run an Advanced Nessus Scan Against Metasploitable 2
• Run an Advanced Netsparker Scan Against Bee-Box (BWAMP)

If you have any questions or just want to get to know us better feel free to contact me at joanna.k@eforensicsmag.com or just answer this email
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Cloud Computing - 
BSD in the CLOUDS 





There is a saying in my culture - “the clouds are wide 
enough for every bird to fly without hindering another”. 
The meaning of this profound proverb is that there are 
more than enough opportunities for everyone without 
any problems whatsoever, and in the case of our discourse 


about the Cloud, it does play. 


It is the greatest time for open source professionals and
the BSD Community. This “Cloud Technology movement”
in the computing world is already obvious. Cloud vendors are
experiencing growth rates of 50% per annum as more users
are demanding cloud services. RightScale conducted
its fourth annual State of the Cloud Survey of the latest
cloud computing trends at the beginning of this year,
2015, with a focus on infrastructure-as-a-service. From the
survey of some 930 IT professionals, it showed that
there’s a greater adoption of cloud infrastructure and related
technologies. The respondents included technical executives,
managers and practitioners and represented organizations
of varying sizes across many industries. Again
this showed that more and more companies are moving
into cloud use for one service or the other. Even tech giants
are providing and making more of their services available in
the cloud. Moreover, a large percentage of the applications
and technologies used by individuals have a cloud
feature to work online or even provide back-ups; think of
your favorite online application like a word processor such
as Google Docs, or a file-sharing application like Dropbox
and Google Drive, or the tool you use for organising like
Keep or Evernote, and even your favorite photo app. In fact,
most developers see adding a cloud feature to their products
as a must and an added advantage.

Just as in the proverb I began this article with, presently,
there are more than enough opportunities for the entire BSD
community, BSD professionals, as well as BSD service start-ups
concerning cloud technologies and here’s why:

I predict that the following statements are, or soon will
be, true:


• The next billion dollar business is in the cloud;

• More companies are firing up BSD in their data center
and clouds;

• BSD-savvy professionals are in high demand;


Let’s take each of these points one at a time to discuss. 


The next billion dollar business is in the cloud 

The article “Here’s Where Amazon and Google Could
Make Their Next $100B” caught my eye a few days ago,
showcasing a report put together by the tech industry research
outfit Forrester, predicting the future of the cloud
computing business. Forrester’s report drew from interviews
with vendors and customers across the market and focused
mainly on “public cloud services” — Internet services,
like those from Amazon and Google and Microsoft,
that allow businesses to build and operate software without
setting up their own hardware. The new report predicts
that this market will grow to $191 billion by 2020. That’s
20 percent more than they predicted in their previous report,
back in 2011. “The adoption of cloud among enterprises,
which is really where the money is, has really
picked up steam,” John Rymer, vice president at Forrester,
said. “It’s a big shift. The cloud has arrived. It’s inevitable,”
he further added.

Rymer and Forrester identified the cloud, especially the
public cloud (offering cloud to all), as being a “hyper-growth”
market. The report further shows that this “hyper-growth”
market made up of “cloud platform services” like Amazon
EC2 will be a $44 billion market by 2020, back-end business
services will reach $14 billion, and cloud software applications
will hit $131 billion. “A lot of businesses are now
saying: ‘I want to move my operational application, back
office applications, into public clouds,’” John Rymer said.
He also said, “...in the past, so many people said: ‘I’m never
going there.’ Now they're actually working at it.” And as
though that was not enough, Bloomberg Business recently
published an article, “Cloud Boom Boosts Google, Amazon
With $90 Billion Stock Surge”, revealing the success of the
cloud shift everyone was talking about, and how Google
and Microsoft and Amazon are already benefiting from it, as
evidenced in their stocks, all hitting record highs. For example,
Amazon Web Services division soared 78 percent
from a year ago with sales of $2.09 billion. As of this writing,
Amazon’s stock gained as much as 10 percent to $619.45,
Microsoft added 11 percent to $53.16, and Google soared
12 percent to $730, as revealed by Bloomberg.

Google’s CEO, Sundar Pichai already said, “Every busi- 
ness in the world is going to run on cloud eventually.” 


More companies are firing up BSD servers
in the cloud, for cloud services and even more
will start

From the well known names like DigitalOcean, OpenStack,
Google and Amazon to others like CloudSigma and
BSDvm, more and more companies are serving the latest
BSD versions (especially FreeBSD 10) in the cloud,
both for customers and developers.

For example, the back end of WhatsApp, a mobile services
platform acquired by Facebook in October 2014 at
a final price that topped $21.8 billion, runs on FreeBSD 10.
FreeBSD appeals more to some developers for the back
end of heavily trafficked systems, given its reputation as
a stable, 30-year-old version of Unix. Offering FreeBSD
has put DigitalOcean, for example, ahead of the major
cloud suppliers when it comes to appealing to developers.

The customers desire and demand to have their favou- 
rite OS in the cloud as well, to enjoy the many benefits 
and advantages that BSD offers such as the robust com- 
munity, the OS stability, security, ease of use, the many 
ports available among many other benefits. 

And guess what? The reviews about the BSD services
are just splendid. One person said in one review, “we can
all now enjoy FreeBSD on AWS..., this was a long time
coming. And finally wait is over”, another said, “Works
flawlessly. Deployed in a minutes”, while yet another said,
“I got my FreeBSD instance up and running with just a few
clicks, ... performance is great”.


BSD-savvy professionals are in high demand 

To fill up these data centres and help operate the cloud
servers you need capable people. For example, the
Linux Professional Institute (https://www.lpi.org) certifies
Linux professionals and the BSD Certification Group
(http://www.bsdcertification.org/) certifies BSD professionals.
Both organisations are non-profit organisations
committed to creating and maintaining global certification
standards for system administration on Linux and BSD
based operating systems respectively and help candidates
gain the necessary skills.

The LPI Certification has the Linux Essentials Profes- 
sional Development Certificate, Linux Server Professional 
Certification (LPIC-1), Linux Network Professional Certifi- 
cation (LPIC-2), Linux Enterprise Professional Certifica- 
tion (LPIC-3). 

The BSD Certification Group has two levels of certification
— the BSD Associate (BSDA), an entry level certification
on BSD systems administration, and the BSD Professional
(BSDP), designed to be an advanced certification
for senior system administrators with at least three years
of experience on BSD systems. These exams are thorough
and based on psychometrics, making sure they reflect
the needs of the IT community and industry. Once a candidate
is well prepared through professional training and
self study accompanied by lab practise, the exams are
nothing to be afraid of. Also the objectives and list of study
materials can be found on their websites.

The value of these certifications cannot be over-empha- 
sized as more organisations are requiring proof of profes- 
sionalism from applicants, employees and consultants. 

Indeed.com is an excellent job board where Linux/UNIX/BSD
professionals can find job vacancies (from network
engineers to system administrators, security specialists,
support technicians and many more) — these job offers always
request *NIX/BSD skills either specifically or as an
added advantage. Applicants are also encouraged to upload
their resumes ahead, so employers can find them easily.
Now imagine what happens when an employer sees in
your resume that you are certified by a standard body like
LPI or BSDCG coupled with the experience you have in the
field; at that point your certification speaks for you.

LinkedIn is another place, one of the best business plat- 
forms where BSD and Open Source Pros can find jobs or 
to find companies interested in their skills. 

At this point, the *NIX/BSD experts need to be heavily
involved in cloud technologies, and market themselves
(thankfully there’s social media). If you think it is not that
obvious that professionals with such skills are a necessity,
just read the Google Cloud Platform web page: Google says
that, for the operating system images in the table listing
given (which incidentally included FreeBSD 10), support
for the OSes including BSD can be obtained through the resource
listed under Support channel. It further says that
“Compute Engine does not manage these operating systems
and any questions or costs would be determined by
the corresponding operating system community.”

First, I think it is good that a tech giant like Google
(that is gaining increased ground in the cloud industry)
provides support for the BSD OS. Even though its Compute
Engine does not manage the BSD OS, it emphasizes
(and here's the catch and opportunity for the BSD
community and experts) that “...any questions or costs would
be determined by the corresponding OS community” (for
BSD, that would be the BSD community). This shows
that the cost and advice to provide these services are determined
and controlled by the BSD-savvy professional.
Now that is a great opportunity. For instance, BSD-savvy
experts can offer the services required in this regard, either
by building start-ups, or by forming partnerships with
these cloud-offering organisations, or even by being part-time
or full-time employees of the cloud organisations to
fill in this gap and also make some money.

As we know, Amazon is another giant in the cloud busi- 
ness. This further confirms the significant space the BSD 
OS holds and the community members (like Colin Percival, 
a FreeBSD contributor and FreeBSD security officer, whose
name came up in the reviews) involved in bringing the BSD 
cloud instance live for customers on the AWS infrastructure. 
As mentioned earlier, customer reviews about the FreeBSD 
instance in the AWS cloud space are terrific. Amazon is one 
of the big players and is growing. Having the required BSD 
skills to deploy and manage such in the AWS cloud platform 
is a big advantage, giving a BSD professional an edge over 
others as it is readily demanded but often scarce. 

Aspiring BSD professionals can start developing them- 
selves now, resources are readily available online — tu- 
torials, training resources, forums, online programs and 
a whole community available to assist. BSD Conferences 
are also held consistently around the globe. Diligent prac- 
tice is a must on the part of the aspiring BSD pro. You can 
work with virtualization software or work directly on an avail- 
able system either personal or in the cloud, now easy and 
affordable. Certification programs are sure advantages. 

Just as resources are vast, so are the opportunities; let’s
be a part of it and seize the opportunity this moment.

God bless the BSD and Open Source Software community.

God bless you. 

This article was written by Olaoluwa Omokanwaiye. 

Olaoluwa is a Linux professional and a BSD user and 
BSD magazine beta-tester. He works with the Linux Pro- 
fessional Institute Master Affiliate in Nigeria. 

He started using the *NIX OSes many years back when 
he got inquisitive and curious with operating systems oth- 
er than the popular proprietary ones. He is happily mar- 
ried to Eniola, an architect and interior designer, and they 
have an adorable daughter, Grace-Lois that is already tin- 
kering with her dad’s Android tablet. 


Footnotes 


• BSD Cert Group: http://www.bsdcertification.org/

• LPI means Linux Professional Institute: www.lpi.org

• See details on RightScale’s Cloud Survey in January 2015 here:
http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2015-state-cloud-survey

• See details on why cloud vendors are growing 50% per annum
here: https://en.wikipedia.org/wiki/Cloud_computing#cite_note-12

• For more details on the article “Here’s Where Amazon and
Google Could Make Their Next $100B”, see
http://www.wired.com/2015/10/amazon-google-make-next-100-billion/

• For more details on Bloomberg Business article, “Cloud Boom
Boosts Google, Amazon With $90 Billion Stock Surge”, see
http://www.bloomberg.com/news/articles/2015-10-23/the-cloud-is-raining-cash-on-amazon-google-and-microsoft

• See FreeBSD now gaining ground with small cloud providers here:
http://www.informationweek.com/cloud/infrastructure-as-a-service/freebsd-gains-ground-with-small-cloud-providers/d/d-id/1318656

• For benefits of FreeBSD in cloud and as VPS see
https://www.atlantic.net/blog/freebsd-ssd-cloud-vps-hosting-10-reasons/

• See Operating systems with support out of compute engine on:
https://cloud.google.com/compute/docs/operating-systems/#operating_systems_with_support_outside_of_short_product_name

• For more details on Amazon Reviews about FreeBSD instance see:
https://aws.amazon.com/marketplace/review/product-reviews/ref=dtl_pop_customer_reviews/182-4702837-2618265?ie=UTF8&asin=B00KSS55FY








Olaoluwa Omokanwaiye has been passionate about open source
technologies since his sophomore year. Today, twelve years later,
he has worked with the Linux Professional Institute since 2008 in 
promoting and providing training and certification opportunities 
to a wide range of clients from server administrators to air traffic 
control personnel. A keen advocate of open source systems, he is 
presently working with a team that’s looking to set up an innovation 
hub at a prestigious university in Nigeria. He is married to Eniola, 
an architect, and their 1 year old daughter is fast becoming a pro 
at tinkering with her Dad’s Android tablet. In his free time Laolu 
watches Marvel movies, follows up on new developments in robotics 
and plucks a few strings on his violin. Connect with Olaoluwa on
LinkedIn at ng.linkedin.com/in/olaoluwa and on Twitter at dnachild.


10/2015 










EXPERT SAYS... 


Attorney Confidentiality
in Cloud Computing


No Trespassing Banners
May Be Effective


Are attorney records stored in the cloud accorded
confidentiality by law?


I don't have the final answer to that question, but I do
have some ideas to promote confidentiality.

The confidentiality of attorney records is normally based 
on two legal doctrines — attorney-client privilege and attor- 
ney work product. 


Evidence That Maybe Attorney Records Are Not Being 
Accorded Confidentiality 

Five recent developments raise questions about the confi- 
dentiality of the digital records belonging to lawyers. 


• Item One: According to rumor, national intelligence
agencies have tapped into law firm records and communications.
Allegedly, a document leaked by Edward
Snowden shows that the Australian Signals Directorate,
in cooperation with the US National Security
Agency, spied on a US law firm (rumored to be
Mayer Brown) that was advising the government of
Indonesia in trade negotiations. Allegedly, the government
received legal advice in support of its spying
on the firm.*

• Item Two: The FBI has informed some US law firms
that they have been hacked by bad guys. Some have
speculated that the reason the US government possesses
this knowledge is that the US government itself
was also spying on the law firms.*

• Item Three: A whiff of uncertainty has emerged
about whether lawyers are wise to store records in the
cloud. One school of thought argues that the cloud
provider is a third party (that is, not the lawyer and not
the client). This school argues that by placing the records
in the hands of the third party, and arguably allowing
the third party to monitor the records in some
way, the lawyer has waived confidentiality rights.

• Item Four: Microsoft — the cloud service provider for
Hotmail (a.k.a. Outlook.com) — surreptitiously searched
the contents of a Hotmail account belonging to an independent
blogger who did not work for Microsoft. Microsoft
did not seek prior approval from a court or other
government authority. Microsoft believed its action
as service provider was justified by evidence that
the blogger’s Hotmail account was connected with infringement
of Microsoft's intellectual property.

• Item Five: British spies believe they have legal authority to
inspect confidential lawyer records and communications.

Human Rights


Can Banners Effectively Increase 
Confidentiality? 

Given these presumably disturbing developments, is
there anything lawyers can do? I propose lawyers mark
their records with banners and notices of confidentiality.

It is inexpensive to post legal banners and notices to assert
zones of confidentiality. Although there is no guarantee
that law will respect banners and notices, there is no guarantee
that it will not respect them. So I publicly publish the
following declaration on my OneDrive page. (OneDrive is a
Microsoft cloud computing service for storing files.)


Publish This Claim With Cloud-Stored Records 
NO TRESPASSING. ALL FILES STORED ON BENJA- 
MIN WRIGHT’S ONEDRIVE ACCOUNT ARE PRIVATE, 
PROPRIETARY AND CONFIDENTIAL UNLESS THEY 
ARE CONFIGURED BY MR. WRIGHT TO BE ACCES- 
SIBLE TO THE PUBLIC. 

Benjamin Wright is licensed as an attorney. Some of Mr. 
Wright’s non-public records stored in the cloud are subject 
to confidentiality protections associated with attorney work 
and communications. The laws of many countries recognize 
such protections. Wright insists that you recognize those 
protections with respect to his records and communication. 


Video Version May Carry More Rhetorical Weight 

On my OneDrive account I publicly publish a video version
of the same claim (https://www.youtube.com/watch?t=5&v=dgjFFQgZcus).


Post this Notice at Data Center 
What could the owner of a cloud or hosting service do to 
bolster the legal protections afforded to lawyer or client da- 
ta stored in the service? One idea is to post a legal notice. 
Below is a notice that could be posted physically at the 
service's data center and on administrative log-on screens 
connecting to the center. One of the goals of this notice is 
to persuade any American authority that it should, under 
American law and policy, respect the property and privacy 
rights associated with the data. This effort in persuasion 
might apply, for example, to: 

• a court-issued subpoena

• a duly-authorized tax summons

• a physical police raid

• a surreptitious online government break-in


This data center hosts data that is the property of other 
organizations. Most of this data is sensitive. Much of it is 
protected by privileges associated with attorney work on 
behalf of clients. Much of it relates to private, personal- 
ly-identifiable information about individuals. The laws of 
United States and the laws of many other countries re- 
spect rights and privileges related to property, attorney 
work and individual privacy. 

The United States observes the rule of law. As evidenced 
by the US Constitution and many other American laws, pri- 
vacy is a fundamental human right in the United States. 

Mismanagement of the data in this data center can 
cause great damage. Anyone — including a government 
official — tampering with or hindering the lawful use of this 
data is advised to act with care and diligence. 

Anyone who, by legal authority, seeks to access or im- 
pede data in this center is advised that through the use 
of skill and diligence, his or her lawful mission can be ac- 
complished without infringing the rights of bystanders, 
such as non-involved customers and individuals. 


A law firm might post similar notices on its internal computers. 
Dear reader: what do you think about this topic? 


*Footnote: I don’t know beans about what national intelligence
agencies do or don't do. I am not passing judgment
on any particular event. But modern developments
in technology and surveillance do justify a larger discussion
of confidentiality law.


Postscript: The form legal language I publish above is
not copyrighted. It is just form legal boilerplate based on 
stock legal verbiage. It is worthy of public use and dis- 
cussion. Anyone may use it. But if you need legal advice 
or services, you should hire a lawyer. 





Benjamin Wright is an attorney in private
practice (benjaminwright.us). He teaches the
Law of Data Security and Investigations at the 
SANS Institute. 
https://www.sans.org/course/law-data- 


FreeNAS: A Worst Practices Guide






There are many best practices guides for managing
storage solutions out there, but a lot of how you administer
your storage depends on your specific use
case and what you’re trying to accomplish. While we
have created a best practices guide for FreeNAS, we also
decided to take a look at what you don’t want to do:
things that will leave you hurting either immediately
or down the road.


In that spirit, we’ve put together a worst practic- 
es guide for FreeNAS based on years of experience 
with systems in the field. The easiest way to avoid 
these pitfalls is to simply purchase a TrueNAS sys- 
tem from the experts at iXsystems, who can help set 
up your systems for optimal performance and func- 
tionality. For those who prefer the DIY approach, 
here are some things to look out for when setting up 
and managing your own FreeNAS system. 


Using Hardware RAID with ZFS 
When setting up a RAID array, common knowledge says 
that hardware RAID is preferable to software RAID. This
is something of a misconception as all RAID is software
RAID. If you're using a hardware RAID controller, it has
its own independent operating system that communicates 
with your disks and often has caches to improve read and 
write performance. This was a good idea in the distant 
past, and improved RAID performance substantially, but 
operating systems and the hardware they run on have 
come a long way since those days. 

FreeNAS uses the ZFS file system and is designed to com- 
municate directly with your disks using its own volume manager. 


ZFS includes a sophisticated yet efficient strategy for providing
various levels of data redundancy, including the mirroring
of disks and the “ZFS” equivalents of hardware RAID
5 and higher with the ability to lose up to three disks in an
array. If a given set of disks is provided to ZFS using a hard- 
ware RAID card, ZFS will not be able to efficiently balance 
its reads and writes between them or rebuild only the data 
used by any given disk. Hardware RAID cards typically re- 
build disks in a linear manner from beginning to end without 
any regard for their actual contents. 

The “one big disk” that hardware RAID cards provide 
limits some of ZFS’s advantages, and the read and write 
caches found on many hardware RAID cards are how risk 
gets introduced. ZFS works carefully to guarantee that ev- 
ery write it receives from the operating system is on disk 
and checksummed before reporting success. This strategy 
relies on each disk reporting that data has been success- 
fully written, but if the data is written to a hardware cache 
on the RAID card, ZFS is constantly misinformed of write 
success. This can work fine for some time but in the case 
of a power outage, catastrophic damage can be done to 
the ZFS “pool” if key metadata was lost in transit. Such 
failures have been known to carry five-figure price tags for 
data recovery services. Unlike hardware RAID, you will not 
suffer from data loss that can occur from interrupted writes 
or corrupt data returned from a hardware cache with ZFS. 

Finally, most hardware RAID cards will mask the
S.M.A.R.T. disk health status information that each disk
provides. Very simply, each disk is connected to the hardware
RAID controller card and the disks become invisible
to the standard S.M.A.R.T. monitoring utility “smartctl”.
Without access to this information, the user is left unaware
of classic warning signs of impending disk failure, like reallocated
sector count or unusually high temperature. Even
the time it takes to run smartctl can be indicative of an impending
problem.
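
The check described above, as an added example that is not FreeNAS code: a shell function that reads `smartctl -A` output, flags the two warning signs named in the text, and reports separately when no attribute table is visible at all, which is what monitoring sees when a RAID card hides the disks. The sample outputs are constructed, and the 45 °C limit is an assumed threshold.

```shell
#!/bin/sh
# Added example: flag reallocated sectors and high temperature in `smartctl -A` output.
TEMP_LIMIT_C=45   # assumption: what counts as "unusually high"; tune per drive model

# Constructed sample shaped like `smartctl -A` output for a failing disk (not a real disk).
sample_smart_failing() {
cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   098   098   010    Pre-fail  Always       -       24
  9 Power_On_Hours          0x0032   071   071   000    Old_age   Always       -       21540
194 Temperature_Celsius     0x0022   048   040   000    Old_age   Always       -       52 (Min/Max 19/60)
EOF
}

# Constructed stand-in for output that carries no attribute table, as when the
# disk sits behind a hardware RAID volume (placeholder text, not real tool output).
sample_smart_masked() {
cat <<'EOF'
smartctl output without an attribute table (constructed placeholder text)
EOF
}

# Read `smartctl -A` text on stdin; optional $1 overrides the temperature limit.
# Prints one line per finding.
# Exit status: 0 = no warning, 1 = warning(s), 2 = no SMART attributes visible.
smart_check() {
    awk -v limit="${1:-$TEMP_LIMIT_C}" '
        # Field 2 is the attribute name, field 10 the first token of RAW_VALUE.
        $2 == "Reallocated_Sector_Ct" {
            seen = 1
            if ($10 + 0 > 0) { print "WARN reallocated_sectors=" $10; bad = 1 }
        }
        $2 == "Temperature_Celsius" {
            seen = 1
            if ($10 + 0 > limit + 0) { print "WARN temperature_c=" $10; bad = 1 }
        }
        END {
            if (!seen) { print "UNKNOWN no SMART attributes visible"; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Demo on the constructed samples. On a live system: smartctl -A /dev/ada0 | smart_check
sample_smart_failing | smart_check || true
sample_smart_masked  | smart_check || true
```

Treating exit status 2 as an alert in its own right matters here: a monitoring job that only looks for warnings would stay silent on a masked disk.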

While some hardware RAID cards may have a “pass- 
through” or “JBOD” mode that simply presents each 
disk to ZFS, the combination of the potential masking of 
S.M.A.R.T. information, high controller cost, and anecdot- 
al evidence that any RAID mode is about 5% slower than 
non-RAID “target” mode results in zero reasons for using 
a hardware RAID card with ZFS. 

Long story short, using hardware RAID on FreeNAS 
can lead to anything from corrupted writes to fatal errors 
that require you to invest in costly data recovery services. 


Setting up Deduplication without Adequate 
Planning 

Deduplication is a much-desired feature for storage so- 
lutions. On any given system, more than half your data 
may be duplicates of data elsewhere in your storage pool, 
causing a greater storage consumption. Deduplication re- 
duces capacity requirements significantly and improves 
performance by tracking duplicate data with a ‘dedupli- 
cation table’, eliminating the need to write and store du- 
plicate information. ZFS stores this table on disk, which 
means that, if the host has to refer to the on-disk tables 
regularly, performance will be substantially reduced be- 
cause of the slower speeds of standard spinning disks. 

This means you need to plan to fit your entire deduplication
table in memory to avoid major performance loss and, potentially,
data loss. This generally isn’t a problem when first
setting up deduplication, but as the table grows over time,
you may unexpectedly find its size exceeds memory. This
splits the deduplication table between memory and hard
disk, turning every write into multiple reads & writes, slowing
your performance down to a crawl. In an enterprise environment,
this can cause significant productivity decreases
and angry staff workers. If this happens, the best solution
is to add more system memory so that the pool will be able
to import back to memory. Unfortunately, this can sometimes
take days to perform, and, if your hardware already has
maxed out its memory capabilities, would require migrating
the disks to a whole new system to access the data.

The general rule of thumb here is to have 5 GB of
memory for every 1TB of deduplicated data. That said,
there may be instances where more is required, but you
will need to plan to meet the maximum potential memory
requirements to avoid problems down the road. To get
a more precise estimate of the required memory for deduplication,
do the following: run the ‘zdb -b (pool name)’
command for the desired pool to get an idea of the number
of blocks required, then multiply the ‘bp count’ by 320
bytes to get your required memory. If it’s less than 5GB,
still use the 5GB per terabyte of storage rule. If it’s higher,
go with that number per terabyte.
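
The sizing procedure above, as an added example that is not FreeNAS code: it parses `zdb -b` output, multiplies the `bp count` by 320 bytes, and plans for the larger of that estimate and the rule-of-thumb floor. The sample output is constructed, `tank` is a placeholder pool name, and reading the rule as 5 GiB per TiB of `bp allocated` (rounded up to a whole TiB) is this example's interpretation.

```shell
#!/bin/sh
# Added example: size RAM for the ZFS deduplication table from `zdb -b` output.
DDT_BYTES_PER_BP=320        # from the article: 320 bytes per block pointer
FLOOR_GIB_PER_TIB=5         # article's rule of thumb, read here as GiB per TiB
GIB=1073741824
TIB=1099511627776

# Constructed sample shaped like `zdb -b <pool>` output (not from a real pool).
sample_zdb_output() {
cat <<'EOF'
Traversing all blocks to verify nothing leaked ...

    No leaks (block sum matches space maps exactly)

    bp count:         40000000
    ganged count:            0
    bp logical:    2199023255552      avg:  54975
    bp physical:   2199023255552      avg:  54975     compression:   1.00
    bp allocated:  2199023255552      avg:  54975     compression:   1.00
    SPA allocated: 2199023255552     used: 50.00%
EOF
}

# Print the first value after "<label>:" from zdb output on stdin; fail if absent.
zdb_field() {
    awk -v label="$1" '
        { sub(/^[ \t]+/, "") }
        index($0, label ":") == 1 {
            split(substr($0, length(label) + 2), f, " ")
            print f[1]; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# Estimate from the article's method: bp count x 320 bytes.
ddt_estimate_bytes() {
    bp=$(zdb_field "bp count") || return 1
    case $bp in ''|*[!0-9]*) return 1 ;; esac
    echo $(( bp * DDT_BYTES_PER_BP ))
}

# Rule-of-thumb floor: 5 GiB for every TiB allocated, rounded up to a whole TiB.
ddt_floor_bytes() {
    alloc=$(zdb_field "bp allocated") || return 1
    case $alloc in ''|*[!0-9]*) return 1 ;; esac
    tib=$(( (alloc + TIB - 1) / TIB ))
    echo $(( tib * FLOOR_GIB_PER_TIB * GIB ))
}

# RAM to plan for: the larger of the estimate and the floor.
ddt_plan_bytes() {
    out=$(cat)    # buffer stdin so both fields can be read from it
    est=$(printf '%s\n' "$out" | ddt_estimate_bytes) || return 1
    floor=$(printf '%s\n' "$out" | ddt_floor_bytes) || return 1
    if [ "$est" -gt "$floor" ]; then echo "$est"; else echo "$floor"; fi
}

# Demo on the constructed sample. On a live system: zdb -b tank | ddt_plan_bytes
printf 'plan for %s bytes of RAM for the dedup table\n' \
    "$(sample_zdb_output | ddt_plan_bytes)"
```

Re-running this as the pool fills shows how close the table is getting to installed memory before performance degrades.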

For most use cases, it is recommended to just utilize
lz4 compression for data consumption savings, as there’s
no real processing cost. In fact, due to advances in
CPU speeds, compression actually improves disk performance
because writing uncompressed data to disk takes
longer than compressed data. To be safe, always use
compression instead of deduplication unless you know
exactly what you are doing.


Striping Without Redundancy 

ZFS offers all the typical forms of RAID redundancy and 
more, including ZFS striping (RAID 0), ZFS mirroring 
(RAID 1), RAID 10, and RAID-Z levels that allow for 1, 2 
or 3 disk failures without affecting your storage pool. ZFS 
Striping can speed up your performance by spreading out 
writes across multiple disks and combining all your disks 
into one large pool. This can seem appealing to the new 
user because of its maximum speed and capacity, but if 
any of your disks has a failure, your entire pool will be 
lost. While, with secondary storage or non-critical data, 
this may not prove to be a catastrophic loss, losing your 
storage pool is always a big deal and it's always recom- 
mended to configure your storage pool with some level of 
redundancy. 


Using a SLOG for asynchronous write scenarios 
The ZFS filesystem can tier cached data to help achieve 
sizable performance increases over spinning disks. Users 
can set up flash-based L2ARC read cache and SLOG 
(Separate ZFS Intent Log, sometimes called a ZIL) ‘write 
cache’ devices. While an L2ARC read cache will speed up
reads in most use cases, the SLOG only speeds up synchronous
writes.

The ZIL caches writes to guarantee their completion in 
the case of a power failure or system crash. The ZIL nor- 
mally exists as part of the ZFS pool, but with a SLOG, 
it resides on a separate, dedicated device. This speeds up 
performance by batching data together for synchronous 
writes for more efficiency. These performance gains help 
with database operations, NFS operations such as virtu- 
alization where the operating system explicitly requests 
synchronous writes. If you aren’t using something that is 
known to use synchronous writes like NFS or databases, 
chances are your SLOG will not help performance. A potential
solution here is to set your pool to “sync=always”.
This ensures that every write goes to the write cache, improving
write performance.


Too Many Snapshots
Snapshots give users the ability to rollback to previous sys- 
tem states to retrieve lost files or go back to a configura- 
tion that worked properly, while only saving the file system's 
blocks that have changed since the last snapshot. This re- 
sults in near instant snapshot tasks. Snapshot tasks can be 
set for regular intervals and stay stored as long as desired. 
While ZFS generally boasts that you can save unlimited 
snapshots, there are some practical limits to this. Some 
users may decide to have periodic updates every few min- 
utes for multiple datasets and make their lifetime indefi- 
nite. Taking one snapshot every five minutes will require 
over 100,000 snapshots each year, creating some sub- 
stantial performance loss. If you have thousands of snap- 
shots, this means you will have thousands of blocks ac- 
cumulating. Depending on the capacity of the disk, this 
can cause slowdowns when you list snapshots, possibly 
across the entire ZFS pool. 


Upgrading your FreeNAS version with a full 
boot device 
FreeNAS makes upgrading to the latest version, switching 
between nightly and release versions and rolling back to 
earlier versions very easy by storing snapshots of the OS 
on your boot device. However, if you fill your boot device be- 
yond its capacity, updating your OS version may result in the 
upgrade process mysteriously failing. Fortunately, FreeNAS 
will give you an alert when your boot device exceeds 80%
capacity, so you should know when your boot drive is getting
full, and deleting version snapshots is easy to do.

Just go into your System>>Boot tab and select the im- 
age you would like to delete and click on the delete button 
on the bottom of the page. 


Rebuilding your ZFS array incorrectly 

FreeNAS gives users the ability to set up ZFS arrays and resilver
disks in the case of a drive failure. If you remove the
wrong disk and try to rebuild, you can end up losing your entire
pool. It is important to remember that the physical arrangement
of the drives on your hardware may not correspond to
your device numbers (ada0, ada1, ada2, etc.). To counter
this, we recommend writing down the serial numbers for each 
disk along with which slot they're in, as the GUI will give you 
associated serial numbers in the case of a drive failure. 

In addition, if you try to rebuild a ZFS array with a disk that
is too small, your rebuild will fail. This can happen if you use
a smaller capacity drive, say a 2TB instead of a 3TB, but it
can also happen between different drives of the same listed
capacity. Different drive manufacturers may create each
drive with a slightly different total capacity, making the effective
capacity of your replacement drive slightly higher or lower
than the disk you replaced. If the capacity is slightly higher,
your rebuild will succeed, but if it is slightly lower, it will
not. If a failure occurs on drives with the same listed capacities,
there is a workaround available from the FreeNAS web
user interface. Just access your system>>advanced menu
and temporarily change your Swap Size to 0 before rebuilding.
Once your rebuild is complete, make sure to change it
back, though (usually the default of 2GiB). The extra 2GiB
should accommodate any small difference in drive capacity,
but do try to use identical drives whenever possible.


Other Issues to Watch For 

There are a couple of common issues with Active Direc- 
tory that can cause problems. The first is if the system 
clock is out of sync. Make sure you're using a time server 
as AD/CIFS is very time sensitive. Second, having the do- 
main name entered incorrectly can cause your Active Di- 
rectory to have big problems. Ideally, your domain should 
have a reverse DNS entry, which you can determine easily
enough: https://www.google.com/search?q=dns+reverse+lookup&ie=utf-8&oe=utf-8#q=reverse+dns.

Also, whenever possible, try not to mix sharing services 
on the same dataset. Differences in permissions between 
Unix (NFS) and Windows (CIFS) sharing formats can cre- 
ate some conflicts, so try to avoid this when you can. If you 
need users from multiple operating systems to have access 
to the same datasets, CIFS/SMB is your best choice. If you 
need to have multiple sharing protocols, you will want to 
separate your datasets between NFS & CIFS/SMB. 

Finally, filling your storage pool over 80% of capacity 
will cause degraded performance. Try to plan your stor- 
age pool size to accommodate for this. 


Conclusion 

When deploying any server or storage system, setting up 
your system properly can help prevent headaches and 
even catastrophes down the road. As they say, an ounce of 
prevention is worth a pound of cure. While there are many 
aspects to setting up any given use case, this guide should 
avoid most of the major pitfalls people run into while setting 
up their FreeNAS storage. And if you're looking for even 
greater assurance, visit www.ixsystems.com/truenas, call us
at 1-855-GREP-4-IX or email us at sales@ixsystems.com, 
for information on our qualified, professionally supported 
TrueNAS appliances. We look forward to hearing from you! 





Mark VonFange has been working with iXsystems since 2008. 
He helps with first response support for Professional Services. He 
develops content for FreeBSD, PC-BSD, FreeNAS and Open Source 
and has been published in multiple technical publications. 
SECURITY


The Cloud Is as Secure as You Make It


Our cloud is secure. This is a statement that I hear over and over again from sales teams and pre-sales tech resources. Customers have heard it too, and they are not necessarily satisfied. Allow me to interpret.


All of the major operating systems providers tout the security of their operating systems. Microsoft, Apple, Oracle and the open source community all have strong arguments to make about the security built into their offerings.

However, no IT professional worth their salt would take 
such a simplistic view of security and stop there. Nor 
would they employ an enterprise or public facing system 
without enhancing the security capabilities of the host op- 
erating system environment with additional layers of pro- 
tection providing visibility to the owner. This is what we 
refer to as defense-in-depth. 

Ask your cloud provider HOW you are secure. Evaluate 
whether their explanation provides assurance of a level of 
security commensurate with the risk your organization is 
willing to take with regard to confidentiality, integrity and 
availability. The security focus of the cloud infrastructure
provider is going to be to protect their shared infrastructure.
Fill in the gaps with other cloud products or approach- 
es to mitigate the risk to your application and data. 

You would not likely build a mission critical ap- 
plication and place it on the public internet with a 
VLAN and some ACLs and expect it to last very 
long. Just like your datacenter, the cloud is as se- 
cure as you make it. Have a real security design for your 
cloud environment. Do your part. 

And sales folks, be prepared to talk about what your security model addresses and what layers the customer might want to add to the platform. Whether it is alerting, management, inline application threat mitigation, or a myriad of other security services that are available, be aware and partner with those service providers that add to your basic solution. Do your part too and it will add to your success.


Information security and information technology strategist seeking interesting projects and new challenges. I offer many years of experience in large scale program development, project management and operational oversight and will help to position your organization to defend itself against the cyber onslaught.
The Cloud Itself Is Not The Risk...


I spent a fair amount of the month of September on the road. I was talking to IT folks about the cloud. Specifically, one of my clients markets a cloud service to their customers. Their sales team had been hearing comments such as, “Our security folks would never agree to move to the cloud.”


As NYC CISO, I realized early on that fighting the cloud was pointless. There are excellent use cases and business drivers for cloud use. So I embraced the cloud, in that I was open to exploring use cases that are right for the cloud.

It is a fallacy to assume that just because an asset does 
not sit in your data center that it is less secure than an as- 
set in someone else's. I've seen security done poorly in 
my own data center and I’ve seen it done well in the cloud. 
It is all about risk management. 

To take a risk management approach to the cloud, start 
with the classification of the data. (You do classify your 
data, don’t you?) Determine the controls that would need 
to be implemented to adequately protect that data. Then 
go find a provider that either allows, or even better, will 
help you implement those controls in their cloud. 

Find a cloud provider that will allow you to perform host 
and application vulnerability scans on your cloud assets. 
Many will. Coordination will likely be required, but then if 
you were doing the same testing in your own data center, 
you would hopefully have a notification methodology in 
case of impact. 

And don't forget about an exit strategy. Have a migration 
plan in place that allows you to move your applications 
and data out of the cloud should requirements change. 

Start small. Before migrating critical email or applications to the cloud, consider using a cloud provider as offsite backup storage. Or, find the most business critical application within your company that does not have an adequate disaster recovery plan and build an instance in the cloud.

Involve your security team in the discussion. Also in- 
volve other key executives. Talk about the business driv- 
ers, the risks, and the benefits. Take a rational approach 
and those clouds might look less ominous. 


Information security and information technology strategist seeking interesting projects and new challenges. I offer many years of experience in large scale program development, project management and operational oversight and will help to position your organization to defend itself against the cyber onslaught.
CLOUDS INTEGRATION


Patterns For Cloud Integration: Synchronous Vs Asynchronous Application Level Integration


Recent statistics show that 90% of businesses have adopted at least one cloud application. 56% of enterprises are still identifying IT operations that are candidates for cloud hosting [1]. However, a recent survey, that was conducted by IDG Enterprise across 1600 IT decision makers, reflects that 46% of survey participants consider cloud integration as one of the major disconnects that hold organizations from going to the cloud [2].


What you will learn...

- The importance of cloud integration.
- Technical considerations in cloud integration.
- Key features of synchronous and asynchronous cloud integration patterns.


What you should know...

- A good understanding of object oriented principles.
- A basic understanding of cloud infrastructure and cloud technologies.
- A basic knowledge of cloud delivery models such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS).


Architecture styles evolved significantly in the past decade and opened new doors for cloud technologies, tools, and strategies. Cloud services enabled a new process thinking on data aggregation, data replication, shareable business functions, distributed computing, and business partner integration. It drove us to think about NoSQL databases, SaaS improvements, and data migration strategies. However, cloud computing also brought a lot of topics to the table. These topics included network latency, identity management, data security, interoperability, mobile access levels, application monitoring, application connectivity, and Service Level Agreements (SLAs). Enormous research and millions of dollars were invested in this area with the premise that the cloud will pay for such costs. In fact, recent statistics reveal that the general trend among IT decision-makers continues with efforts in cloud integration. The main driver, in this decision, is the increasing Return on Investments (ROI), along with vast improvements in service quality [2].

As a result, major software players, such as IBM and Microsoft, have realized the importance of extending their applications to the cloud and they have been offering cloud integration as a major key feature in extending the lifetime of their software. In the same context, other software players (for instance, Dell) have started the development of cloud-only applications; this is due to the cost of cloud integration. This article discusses two major cloud integration patterns that can help in reducing the cost of such expensive processes and promote the performance of such applications. This discussion focuses on two cloud integration patterns: synchronous operation offered from Remote Procedure Call (RPC), and Asynchronous Messaging (AM). Both patterns are designed to achieve application-level integrity under certain conditions.

The following section describes each pattern individu- 
ally with respect to its general use, pros and cons. There 
are two types of cloud integration that are included in this 
investigation: 


1. Ground-to-Cloud integration: Here the application
was developed in a non-cloud environment and we
are trying to adapt it to the cloud.

2. Cloud-to-Cloud integration: Here the application tar- 
gets a cloud environment only. 


Please note that Cloud-to-Ground integration goes be- 
yond the scope of this article. 


Remote Procedure Call (RPC) 


[Diagram labels: Proxy; Cloud Application (Request Initiator/Interface); Cloud Application Content]

Figure 1. RPC Cloud Integration Pattern Representation


This pattern is used to integrate multiple applications so that they work together and can exchange information through each application’s interface [3]. It is useful for information lookup in order to share data among independent applications. In addition, this pattern is the ultimate solution when the data has to live with the source in a different area of the network. Furthermore, the use of an application interface promotes several key concepts such as encapsulation, abstraction, and interoperability.


Pros

1. Provides high reliability since it uses point-to-point communication by default.
2. Ease of implementation as application integration pattern.
3. Data access at the source level.
4. Connects different independent applications, possibly running different technologies.


Cons

1. Synchronous operation. In other words, the caller is blocked until the operation is completed.
2. Lack of uniform security and transactional support.
3. Not suitable in large-scale cloud environments (large distributed environments).
4. Low Performance.
5. A high level of coupling between services since it assumes the availability of an existing service all the time.
6. Non-persisted data.
7. Limited commercial support.


There are on-going improvements to solve the challeng- 
es that are introduced by RPC. These improvements in- 
clude the following topics: 


1. Security: In this area, identity management can be used to enforce security in the communication.

2. Latency (Performance): There are several tips that can improve the performance over the network with respect to security such as:

a. Acquiring authentication tokens (e.g. OAuth2).

b. Callbacks and Caching.

c. Increasing the load of messages. In other words, avoid sending an enormous number of small packets over the network.

3. Transactions: they are not supported by this pattern, so avoid using them for acceptable performance and right behavior.

4. Commercial Support: maintain communication to be HTTP oriented.


Now, how do we use the value of this pattern in the extension of ground applications to a cloud environment?
There are general considerations when dealing with RPC patterns in ground-to-cloud integrations:

1. REST-Oriented.
2. Network Connectivity.
3. Identity Management.
4. Service Level Agreements.
5. Changing Schemas.

In order to account for these constraints and perform at the maximum levels, Table 1 shows possible implementation techniques that can mitigate significant risks.
Table 1. Techniques for Ground-to-Cloud integration using RPC pattern

Technique | Implementation | Example | Relative Complexity
Enterprise Service Bus (ESB), integration server | Used as middleware to manage the extension of ground application to the cloud | BizTalk Server, Mule ESB, RabbitMQ or Tibco ESB | Medium








Admirably, cloud-to-cloud integration brings more consideration to the view. In fact, the considerations that would make sense in this context are:

1. Web Services.
2. Latency.
3. Service Level Agreements.
4. Monitoring.

For this set of considerations, the following techniques are available to overcome challenges associated with these considerations:


Table 2. Techniques for Cloud-to-Cloud integration using RPC pattern

Technique | Implementation | Example | Relative Complexity
Point-to-Point | Basic methodology for making integration not typically RPC | Custom Java or .NET Code | Varies
Cloud hosted bus | Integration bus that is sitting in the cloud and managing communication between cloud endpoints. | Windows Azure Service Bus | High


The next subsection introduces asynchronous messaging integration pattern.


Asynchronous Messaging (AM)

Figure 2. AM Cloud Integration Pattern Representation

This pattern uses “Messaging” to transfer packets of data frequently, reliably, and asynchronously using customized formats [4]. This pattern is extremely useful for data sharing via broadcasted messages in which the caller does not have to be blocked during operation.


Pros

1. Callers are not blocked when making calls.
2. Ideal for broadcasting or multicasting.
3. Ideal for cloud-scale.
4. Can achieve higher reliability when brokers are used.
5. Embrace loose coupling.
6. Can be used for point-to-point or message routing to [...] recipient list filtering, and aggregators.
7. Can function in stateful or stateless modes.


Cons


1. Not real-time synchronization. In other words, not 
consistent enough to manage the communication be- 
tween modules that have some sort of dependency. 

2. Achieving reliability may require store + forward
which degrades the overall performance.

3. Idempotence often needed because of the possibility 
of message duplication. 

4. Broadcasting requires parallelization due to the enor- 
mous number of messages that are received from peers. 

5. Difficult to debug and trace. 

6. Limited commercial application support. 


Considering these advantages and limitations, how can
asynchronous messaging be useful in Ground-to-Cloud
integration?

Asynchronous Messaging is a great way to limit coupling and 
module dependencies. However, there are a few consider- 
ations to implement this pattern in Ground-to-Cloud integration: 


1. Network Connectivity.
2. Message Monitoring.
3. Data Security.
4. Interoperability.
5. Destination System Capabilities.

The use of brokers is significant in the performance and reliability of this pattern. For example, brokers may boost the performance of the overall application with asynchronous push notifications that will promote caching the data that is frequently used. There are a few techniques that can be used to maximize the gain from Asynchronous Messaging, given the Ground-to-Cloud considerations such as those stated in Table 3.


Table 3. Techniques for Ground-to-Cloud integration using AM pattern

Technique | Implementation | Example | Relative Complexity
Asynchronous Web Service Operation | Implement basic asynchronous operations | Mule ESB, BizTalk Server or Custom Code | Medium
Message Broker | Managing complex scenarios | Windows Azure Service Bus Notification Hubs | High


On the other hand, how does Asynchronous Messaging improve Cloud-to-Cloud integration?

Cloud-to-Cloud integration emphasizes several cloud topics including:


1. Identity Management.
2. Different Service Level Agreements.
3. Message Monitoring.
4. Communication Management.
5. Interoperability.

There are some techniques mentioned in Table 4 that highlight these considerations.


Table 4. Techniques for Cloud-to-Cloud integration using AM pattern

Technique | Implementation | Example | Relative Complexity
Asynchronous Web Service Operation | Implement basic asynchronous operations | Windows Azure BizTalk services | Medium
Message Broker | Managing complex scenarios | Windows Azure Service Bus | High


In Summary

This article introduced two cloud integration patterns that are used to integrate applications. These patterns differ in their operational nature, although they achieve the same goal. In general, Asynchronous Messaging is more convenient for cloud purposes but there is no straight-forward answer to the “all-ages” pattern. Instead, an investigation into the situational use weighs heavily in the argument for one pattern versus the other. Table 5 shows sample use cases for each pattern:


Table 5. Use Cases for RPC vs. AM

RPC
Maximize Performance v
Cloud Scalability v
Transactions Not preferred but can be used with cautious to idempotency
Content Based Routing v
Ease of Implementation v
Cloud Service in a Developer Point of View


This article will be an overview of writing a cloud service. Various ways exist to achieve your goals but we will focus on one that is memory efficient, multiplatform (POSIX systems), multi language (from C++ to Erlang), and reasonably fast. It is Apache Thrift. I recently fully wrote a cloud service and it worked reliably.


To illustrate this, we will make a basic remote file handler; the server is written in C++ and the client written in Python as an example.

Describing the service
Our server will be able to deliver three different services: listing files or directories, deleting a file, or moving a file. Thrift is an IDL (Interface Definition Language) based framework, hence you describe your service via an abstract generic language and the Thrift compiler will generate the necessary code per programming language. The basic Thrift types are those we find in common in all languages: byte, binary, integer (i16/32/64), double, boolean, string, and some containers such as hashmaps, sets or lists. For those familiar with C and/or C++ we can define an atomic file with a “struct”:


    struct file {
        1: string name
    }
The number means the index of the name's field. A file in a UNIX system can have several types, not necessarily a regular file but a device, a socket and so forth. So, let’s enumerate each type we might need to identify the files, again “a la” C/C++:


    enum file_type {
        FILE = 0,
        DEVICE = 1,
        SOCKET = 2,
        SYMLINK = 3,
        DIRECTORY = 4
    }

    struct file {
        1: file_type type
        2: string name
    }
What if we store some file attributes like the size, the permissions bits ... ? Thrift allows nesting a struct inside a struct without problems as you can see below:

    struct file_attribute {
        1: i32 uid
        2: i32 gid
        3: i16 mask
        4: i64 size
        5: string strmask
    }

    struct file {
        1: file_type type
        2: file_attribute attr
        3: string name
    }


Now, we can start to describe the three Thrift “services” as below. For the first we would like to return a map of files and, for the sake of shortening, we “typedef” it as below:


    typedef map<string, file> file_list


In addition, for our services, we would like to throw an exception in case something goes wrong. A Thrift exception is very similar to a struct:


    exception file_exception {
        1: i16 code
        2: string msg
    }


If we do not write the required keyword, a field is then optional. If you're not sure for future development that a field ought to be required, I’d suggest to leave it optional as the clients would stop working if the previous required field was suddenly optional in the server's side ...


    service file_service {
        file_list eforensics_ls(1: required string path)
            throws (1: file_exception ex),
        i16 eforensics_rm(1: required string path) throws
            (1: file_exception ex),
        i16 eforensics_mv(1: required string src, 2:
            required string dst) throws (1: file_exception ex),
    }


Above all of that, we might need to customize the language namespace to organize and avoid conflicts; for Java and C++ developers, for example, it is pretty well known. The namespace will be translated as well in the target language's logic:


    namespace cpp eforensics.cloud
    namespace py eforensics.cloud


The first will produce the usual C++ namespace as


    namespace eforensics { namespace cloud {


whereas the latter will make the eforensics/cloud Python module.
In the end, the Thrift file might look like this: Listing 1.


Listing 1.

    namespace cpp eforensics.cloud
    namespace py eforensics.cloud

    enum file_type {
        FILE = 0,
        DEVICE = 1,
        SOCKET = 2,
        SYMLINK = 3,
        DIRECTORY = 4
    }

    struct file_attribute {
        1: i32 uid
        2: i32 gid
        3: i16 mask
        4: i64 size
        5: string strmask
    }

    struct file {
        1: file_type type
        2: file_attribute attr
        3: string name
    }

    typedef map<string, file> file_list

    exception file_exception {
        1: i16 code
        2: string msg
    }

    service file_service {
        file_list eforensics_ls(1: required string path)
            throws (1: file_exception ex),
        i16 eforensics_rm(1: required string path) throws
            (1: file_exception ex),
        i16 eforensics_mv(1: required string src, 2:
            required string dst) throws (1: file_exception ex),
    }


Generating the code 
Once the service is defined, we can now use the Thrift 
compiler like this: 


    $ thrift -gen cpp eforensics.thrift
    $ ls
    eforensics.thrift gen-cpp
    $ thrift -gen py eforensics.thrift


In the C++ version, we realize that a skeleton server was generated as well, and we will use it to implement our service! (see Listing 2). Now it is up to us to implement the three services. Let’s start with the simplest, removing a file with the famous C function unlink.


    int16_t eforensics_rm(const std::string& path) {
        // unlink() returns -1 and sets errno on failure
        if (unlink(path.c_str()) == -1) {
            return -1;
        }

        return 0;
    }





Listing 2.

    // This autogenerated skeleton file illustrates how to build a server.
    // You should copy it to another filename to avoid overwriting it.

    #include "file_service.h"
    #include <thrift/protocol/TBinaryProtocol.h>
    #include <thrift/server/TSimpleServer.h>
    #include <thrift/transport/TServerSocket.h>
    #include <thrift/transport/TBufferTransports.h>

    using namespace ::apache::thrift;
    using namespace ::apache::thrift::protocol;
    using namespace ::apache::thrift::transport;
    using namespace ::apache::thrift::server;

    using boost::shared_ptr;

    using namespace ::eforensics::cloud;

    class file_serviceHandler : virtual public file_serviceIf {
     public:
      file_serviceHandler() {
        // Your initialization goes here
      }

      void eforensics_ls(file_list& _return, const std::string& path) {
        // Your implementation goes here
        printf("eforensics_ls\n");
      }

      int16_t eforensics_rm(const std::string& path) {
        // Your implementation goes here
        printf("eforensics_rm\n");
      }

      int16_t eforensics_mv(const std::string& src, const std::string& dst) {
        // Your implementation goes here
        printf("eforensics_mv\n");
      }

    };

    int main(int argc, char **argv) {
      int port = 9090;
      shared_ptr<file_serviceHandler> handler(new file_serviceHandler());
      shared_ptr<TProcessor> processor(new file_serviceProcessor(handler));
      shared_ptr<TServerTransport> serverTransport(new TServerSocket(port));
      shared_ptr<TTransportFactory> transportFactory(new TBufferedTransportFactory());
      shared_ptr<TProtocolFactory> protocolFactory(new TBinaryProtocolFactory());

      TSimpleServer server(processor, serverTransport, transportFactory, protocolFactory);
      server.serve();

      return 0;
    }
To improve it, we could make sure the file is a regular
file, otherwise, return the exception we set earlier in the 
Thrift IDL file (See Listing 3). 

In a similar manner, we can do the move function: 
Listing 4. 

Then the last service, listing files or directories. Previ- 
ously, we defined several types of files and their attributes, 
hence we'll once again rely on the stat function: Listing 5. 
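
The regular-file check in Listing 3 still lets a client name any path the server process can reach, and stat() follows symbolic links, so the S_IFLNK case behind the SYMLINK type is never reported. The block below is an added example, not the article's code: it confines an eforensics_rm-style request to an export directory and uses lstat() on the final component. The names confined_rm, RmResult and make_scratch_tree, the export root and the constructed scratch tree are assumptions for illustration; in the Thrift handler, each non-OK result would be turned into a file_exception.

```cpp
// Added example: confine client-supplied paths before unlink().
#include <stdio.h>
#include <stdlib.h>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

enum class RmResult { OK, NOT_FOUND, OUTSIDE_ROOT, NOT_REGULAR, UNLINK_FAILED };

// realpath() resolves "..", "." and every symlink; the path must exist.
static bool canonical(const std::string& path, std::string& out) {
    char* r = ::realpath(path.c_str(), nullptr);
    if (r == nullptr) return false;
    out = r;
    ::free(r);
    return true;
}

// One trailing '/', so that "/export" never matches "/export2" as a prefix.
static std::string with_slash(const std::string& dir) {
    return dir == "/" ? dir : dir + "/";
}

RmResult confined_rm(const std::string& root, const std::string& requested) {
    std::string real_root, real_parent;
    if (!canonical(root, real_root)) return RmResult::NOT_FOUND;

    // Assumption: client paths are interpreted relative to the export root.
    const std::string full = real_root + "/" + requested;
    const std::string::size_type slash = full.find_last_of('/');
    const std::string leaf = full.substr(slash + 1);
    if (leaf.empty() || leaf == "." || leaf == "..") return RmResult::NOT_REGULAR;

    // Canonicalise the parent only; the leaf is inspected with lstat() so a
    // symlink is seen as a symlink instead of being followed.
    if (!canonical(full.substr(0, slash), real_parent)) return RmResult::NOT_FOUND;
    const std::string prefix = with_slash(real_root);
    if (with_slash(real_parent).compare(0, prefix.size(), prefix) != 0)
        return RmResult::OUTSIDE_ROOT;

    const std::string target = with_slash(real_parent) + leaf;
    struct stat s;
    if (::lstat(target.c_str(), &s) == -1) return RmResult::NOT_FOUND;
    if (!S_ISREG(s.st_mode)) return RmResult::NOT_REGULAR;
    // A check-then-unlink race remains; unlinkat() on a directory descriptor
    // opened for real_parent would close it.
    return ::unlink(target.c_str()) == 0 ? RmResult::OK : RmResult::UNLINK_FAILED;
}

static void touch(const std::string& p) {
    int fd = ::open(p.c_str(), O_CREAT | O_WRONLY, 0600);
    if (fd >= 0) ::close(fd);
}

// Constructed sample tree under /tmp; returns the export root ("" on failure).
//   <top>/secret.txt, <top>/export2/c.txt              outside the root
//   <top>/export/a.txt, <top>/export/sub/b.txt         inside the root
//   <top>/export/escape -> <top>, alias.txt -> secret  symlinks leaving the root
std::string make_scratch_tree() {
    char tmpl[] = "/tmp/confined-rm-XXXXXX";
    const char* top_c = ::mkdtemp(tmpl);
    if (top_c == nullptr) return "";
    const std::string top = top_c, root = top + "/export";
    ::mkdir(root.c_str(), 0700);
    ::mkdir((root + "/sub").c_str(), 0700);
    ::mkdir((top + "/export2").c_str(), 0700);
    touch(root + "/a.txt");
    touch(root + "/sub/b.txt");
    touch(top + "/secret.txt");
    touch(top + "/export2/c.txt");
    if (::symlink(top.c_str(), (root + "/escape").c_str()) != 0 ||
        ::symlink((top + "/secret.txt").c_str(), (root + "/alias.txt").c_str()) != 0)
        return "";
    return root;
}

int main() {
    const std::string root = make_scratch_tree();
    const char* requests[] = {"a.txt", "/sub/b.txt", "../secret.txt",
                              "escape/secret.txt", "../export2/c.txt",
                              "alias.txt", "sub", "missing.txt"};
    for (const char* r : requests)
        printf("%-20s -> %d\n", r, static_cast<int>(confined_rm(root, r)));
    return 0;
}
```

When reporting to the client, NOT_FOUND and OUTSIDE_ROOT are best mapped to the same error so that replies do not reveal which directories exist outside the export root.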





We are nearly done, let's compile the code. 


    $ c++ -std=c++11 -g -O2 -I. -I/usr/local/include -o eforensics_constants.o -c eforensics_constants.cpp
    $ c++ -std=c++11 -g -O2 -I. -I/usr/local/include -o eforensics_types.o -c eforensics_types.cpp
    $ c++ -std=c++11 -g -O2 -I. -I/usr/local/include -o file_service.o -c file_service.cpp





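Listing 3.

    #include <cerrno>       // errno
    #include <cstring>      // memset, strerror
    #include <sys/param.h>  // MAXPATHLEN
    #include <sys/stat.h>   // stat, S_IFMT, S_IFREG
    #include <unistd.h>     // unlink

    // Fills s for path or throws the file_exception declared in the IDL.
    void checkStat(struct stat& s, const std::string& path) {
        if (path.size() > MAXPATHLEN) {
            std::string msg = "Name too long ";
            msg += path;
            file_exception f;
            f.__set_code(-1);
            f.__set_msg(msg);
            throw f;
        }

        ::memset(&s, 0, sizeof(s));

        if (stat(path.c_str(), &s) == -1) {
            std::string msg = "Could not stat ";
            msg += path;
            file_exception f;
            f.__set_code(-1);
            f.__set_msg(msg);
            throw f;
        }
    }

    int16_t eforensics_rm(const std::string& path) {
        struct stat s;
        checkStat(s, path);

        mode_t m = s.st_mode;

        // Only regular files may be removed
        if ((m & S_IFMT) != S_IFREG) {
            std::string msg = "Only files can be removed";
            file_exception f;
            f.__set_code(-1);
            f.__set_msg(msg);
            throw f;
        }

        if (unlink(path.c_str()) == -1) {
            std::string msg = "Could not remove ";
            msg += path;
            msg += ": ";
            msg += strerror(errno);
            file_exception f;
            f.__set_code(-1);
            f.__set_msg(msg);
            throw f;
        }

        return 0;
    }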


Listing 4.

    #include <cstdio>  // rename

    int16_t eforensics_mv(const std::string& src, const std::string& dst) {
        struct stat s;
        checkStat(s, src);

        mode_t m = s.st_mode;

        // Only regular files may be moved
        if ((m & S_IFMT) != S_IFREG) {
            std::string msg = "Only files can be moved";
            file_exception f;
            f.__set_code(-1);
            f.__set_msg(msg);
            throw f;
        }

        if (rename(src.c_str(), dst.c_str()) == -1) {
            std::string msg = "Could not move ";
            msg += src;
            msg += " to ";
            msg += dst;
            msg += ": ";
            msg += strerror(errno);
            file_exception f;
            f.__set_code(-1);
            f.__set_msg(msg);
            throw f;
        }

        return 0;
    }
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Listing 5. 
died ie ILS evolel Siesey MS sic ice uieg, Clomisws sisieiae) Chace stumack |S; 
Jerez) SPrIner (SErmMaci. 204s i akcre mace): 
bool isDir = false; flleclble eta elie oe eter evan CaS etal Niels Ke) ier 


SERUCE eS rai is, 
CVeabeustak( Ss; Paenis, igete bei oetcla | = ap 
MOdew esis Ss sore lodc, 


dee (ee Dasa a 


file fl; DR a de Pope cma (a Uinlmems Braj), 
iil teeenie ela UEC) areas beUEGl: if (dir == NULL) { 

(eben ghd Tense ee nel, return =i; 

(lamin s hem iS Sumo eae. } 


fl.name = path; 
struct dirent entry, *result = NULL; 


if ((m & S_IFMT) == S_IFBLK || (m & S_IFMT) == // We could have just used readdir but we 
Ses CEienal might need to run it 
(m & S IFMT) == S IFIFO) { // in multi thread context ... 
(Pe ees elem Oc. bee Wim nelly, TOMA wate er@] Cato eal Cla ia ee UNE a) umcie White) ee el) ae 
Pe clses it eC inees sae ol moO Chima, if (result == NULL) 
‘Pe Pee a ieleomb yoo ciyecce OCs le. break; 
) else 12 (ims Ss TEMT)) —— Ss 1eENK) { ie (Siiemel sp weSeUile— cl ioeule)) > 0 |) 
flee Se emmy eS ee feces, oa INEM (lee: Steele (7. 7 este peel eine) S10) 
yee Sea eh ieee Bie eo emt Gan continue; 
fees hems Oe rie ec semble: Sees cl eile sO ciiela: 
} else if ((m & S IFMT) == S IFDIR && ({(m & S_ ik (eo ael pare saezet(\s ly) 
Me eo EN eS PN toath + “/7> 
Hl eyie = wll woes seees 2 USEC ICIS (odtip i eecoulknn ~Cmiale, 
eS Dee atelier hemodeweiiemy (rect Ulan Goce iy 
} } 
teeta letaretilets Kaman Oe ellosedir(dir); 
if (m & S_IWUSR) } 
flLattr.mask |= 0x400; 
dee coro Evin) tetuen Uy 
ieauer. mask |= O0x200; } 


if (m & S IXUSR) 
fllattr.mask |= Oxi00; 


if (m & S_IWGRP) // It is better in terms of interface, in the case of 
flLattr.mask |= 0x040; C++, to do not return 
ee ee eG Ievey) // a map as the IDL defined 
iPacwe Mes ya) — 0x02 0); Old se EOBen ses mls Moma shee eeu al, mc Oot sabe: ishamnge 
Tie (Ut Se ME Rde)) enela) | 
tleeane eae Malis em ORO), Peer ianee Meare 


if (m & S_IWOTH) 

tl aneeier Mats ken | — Ux 0.047, liSmedemeniek (ae muran eae): 
Ciel el) } 

til a eee cls Kell OO 
if (m & S_IXOTH) 

ls eioiens silekelic. || bh ONEL,, 
Listing 6.

    $ ./file_service-remote -h <host>:<port> eforensics_ls /tmp
    {'/tmp': file(type=4, attr=file_attribute(gid=0, mask=None, uid=0, strmask='0777', size=None), name='/tmp'),
     '/tmp/.ICE-unix': file(type=4, attr=file_attribute(gid=0, mask=None, uid=0, strmask='0777', size=None), name='/tmp/.ICE-unix'),
     '/tmp/.ICE-unix/1997': file(type=2, attr=file_attribute(gid=1000, mask=None, uid=1000, strmask='0777', size=None), name='/tmp/.ICE-unix/1997'),
     '/tmp/.X0-lock': file(type=0, attr=file_attribute(gid=0, mask=None, uid=0, strmask='0222', size=None), name='/tmp/.X0-lock'),
     '/tmp/.X11-unix': file(type=4, attr=file_attribute(gid=0, mask=None, uid=0, strmask='0777', size=None), name='/tmp/.X11-unix'),
     '/tmp/.X11-unix/X0': file(type=2, attr=file_attribute(gid=0, mask=None, uid=0, strmask='0777', size=None), name='/tmp/.X11-unix/X0'),
     '/tmp/.vbox-dcarlier-ipc': file(type=4, attr=file_attribute(gid=1000, mask=None, uid=1000, strmask='0700', size=None), name='/tmp/.vbox-dcarlier-ipc'),
     '/tmp/.vbox-dcarlier-ipc/ipcd': file(type=2, attr=file_attribute(gid=1000, mask=None, uid=1000, strmask='0700', size=None), name='/tmp/.vbox-dcarlier-ipc/ipcd'),
     '/tmp/.vbox-dcarlier-ipc/lock': file(type=0, attr=file_attribute(gid=1000, mask=None, uid=1000, strmask='0600', size=None), name='/tmp/.vbox-dcarlier-ipc/lock'),
     '/tmp/config-err-tu3hNl': file(type=0, attr=file_attribute(gid=1000, mask=None, uid=1000, strmask='0600', size=None), name='/tmp/config-err-tu3hNl'),
     '/tmp/unity_support_test.0': file(type=0, attr=file_attribute(gid=1000, mask=None, uid=1000, strmask='0662', size=None), name='/tmp/unity_support_test.0')}














Listing 7. 
sys.exit (1) 
OS jolelme (ClVShe sre csns wes Is ieuecs | 0). J) 
deh Ay Gatenos 
PranhspOri— hee pO hen ty hee eC bvene (Nose, = OOimr mliat) ele etic, CuObets le sare: 
else: if len(args) != 1: 
SOCKeE = TSSESOCKeE TSSLSOCKeE (NOSE, POrE, Print, elorensies ml requires lance’) 
validate=False) if ssl else TSocket.TSocket (host, Sys-exit (1) 
jorouaie,) OS. joelme Welsh -Suoems tes ieee | 0), )) 


if framed: 


# In this mode, the message is fully read no flush is epic sm - HOhcWotes ail = 
required if len(args) != 2: 
transport = TTransport.TFramedTransport (socket) Pere, eouOremcwes ail, shequnnbes: 72 scmcs.)) 
else: sys.exit (1) 
transport = TTransport.TBufferedTransport (socket) IS oOetmu(El Venice SO censnes mm (eueee || pevece| | 7) ) 


PROLOCO es Micah y Ee EOrOcels ls lich VE EOrOceln( wicciis Ome) 

Ciel sinlonce mnhoo eC mtonic (mo ocel.) else: 

transport.open () print(,Unrecognized method %s’ % cmd) 
Sys coche al) 


# Pretty straightforward to call each server method as 


you can see UbalispoLE,close () 
Safe aC Clee ante CeO riae lle Ines mrlacian 
if lemmas). = ie: 


iene (ewoigecmisles. ey ideCilabiges Il eieeis ) 
> c++ -Wall -std=c++11 -g -O2 -I. -I/usr/local/include -o file_service_server.o -c file_service_server.skeleton.cpp

> c++ -std=c++11 -g -O2 -o eforensics_file_service eforensics_constants.o eforensics_types.o file_service.o file_service_server.o -Wl,-rpath,/usr/local/lib -L/usr/local/lib -lthrift


When you run the final executable, it listens on port 9090. If you also generated the Python version, for example, a sample client should have been generated as well: Listing 6.

We can have a quick look at how the Python version is made: Listing 7.

If we come back to the C++ server's code, the generated skeleton uses a TSimpleServer, which is perfect for a start but is single-threaded. I'd suggest the TThreadPoolServer (more efficient than the TThreadedServer) or the TNonblockingServer instead, and at least adding a signal handler to terminate the server properly. The TThreadPoolServer version might look like this: Listing 8.


Listing 8. 


So Medes lGi lesen si Giemdlle ty, 
signal(SIGQUIT, servsighandler);
signal(SIGPIPE, servsighandler);


iene 


Conclusion 

Apache Thrift works well on most POSIX systems. I built the full example server on a Linux machine and tested it with FreeBSD and Linux. The client was called on a remote FreeBSD machine.

There is an alternative version remade by Facebook called fbthrift, which works fully only on Linux, but the generated code is superior and this version has in general proved to be more efficient, at least in terms of memory usage. There is also Google Protocol Buffers, which performs better than the two above and officially supports fewer languages. You have to write the client/server code on your own, though. So, based on your own criteria and restrictions, one of these might fit your own case better.


David Carlier has been a developer since 2001, mainly in C/C++, living and working in Ireland mainly since 2012. He contributes to some open source projects and uses various operating systems on a daily basis, mainly BSD flavours.


Shlanedgpen EPEoOcessou processon (new Cloud useny eenadminenocesson (handler); 
Silene Omp es hoc etal eens Oa ease aie elaclls OO lay Mo Wale ae lace ely (Ose) yi, 
shared_ptr<TTransportFactory> transportFactory(new TBufferedTransportFactory());
shared_ptr<TProtocolFactory> protocolFactory(new TBinaryProtocolFactory());

threadManager = ThreadManager::newSimpleThreadManager(workers);
shared_ptr<PosixThreadFactory> threadFactory(new PosixThreadFactory());
threadManager->threadFactory(threadFactory);
threadManager->start();

std::clog << "Server is starting" << std::endl;

Nee yo = elleisecl joe oie yoiee (nei Ie dese cleo Si Siencie (SIC SeIsOle SSIS icra iceimsiloueia 7 1s icetahsicloer Mcteinersy jorciocorcoll 
Factory, threadManager) ); 

nserver->serve();
} catch (std::exception &e) {
    std::clog << "An error occurred: " << e.what() << std::endl;
Getting Started with Go on FreeBSD


Two of my favorite things are the FreeBSD operating system and the Go programming language. The two are similar inasmuch as they're uniquely equipped to solve difficult problems in different ways from others in their respective categories. FreeBSD and Go together yield a powerful combination for productivity and fun.


To get started, we need to get Go installed. We'll be using a fresh installation of FreeBSD 10.2. There are a number of ways to install Go. We'll take a look at what's involved with two of the more obvious and popular methods. For the ports installation, Go can only be compiled and installed on i386, amd64, and armv6 systems.


Ports Installation
The first thought by anyone using a BSD distribution might be to go to the ports tree and find Go. This was my first thought as well; however, let's review the Makefile first. We find that this port (http://www.freshports.org/lang/go) is maintained by jlaffaye@FreeBSD.org and does some architecture checks prior to compilation and installation.

FreeBSD 10.2's ports tree is already updated to the latest (as of this writing) version of Go, 1.5.1. To successfully compile Go 1.5 (https://blog.golang.org/go1.5), we need Go 1.4 (https://blog.golang.org/go1.4), which is outlined on the dependency line of the Makefile.

To start the process, issue the command below.

$ make install clean

Since go1.5.1.src.tar.gz doesn't exist in /usr/ports/distfiles/, it will have to be downloaded. Once the download is complete, the compilation process begins. Go 1.4.3 is installed and used to build Go 1.5.1. All 1.5.1 files are placed in /usr/local/go and the 1.4.3 files are placed in /usr/local/go14.


Manual Installation

Manual installation is a bit less sexy and carries a little more weight since you have to manage the download, untarring, and copying the files into place, and you're also not compiling the system. It's a pre-built binary compiled to run for your operating system and architecture.

$ wget https://storage.googleapis.com/golang/go1.5.1.freebsd-amd64.tar.gz
$ tar -C /usr/local -xzf go1.5.1.freebsd-amd64.tar.gz


Post Installation

No matter which installation process you've chosen, the following commands will have to be run to set up your Go environment. More can be found here: https://golang.org/doc/code.html

$ mkdir -p ~/gocode/src ~/gocode/bin ~/gocode/pkg
$ mkdir -p ~/gocode/src/github.com/briandowns
$ export GOROOT=/usr/local/go
$ export PATH=$PATH:$GOROOT/bin
$ export GOPATH=/home/bdowns/gocode

Go expects the "src", "bin", and "pkg" directories to be created in the path. These directories hold source files, package objects, and compiled binaries respectively and are known as a Go Workspace (https://golang.org/doc/code.html#Workspaces). The "go" command expects to find these directories by using the environment variable GOPATH, which is the top level of where those directories live.

To make sure that we have everything installed and environment variables set correctly, we should run a quick Go command. Checking the version will suffice. Run the command below:

$ go version

The expected output should be "go version go1.5.1 freebsd/amd64". If all of that checks out, we're ready to write some code.

Our First Program

For our first program, we're going to do the traditional "hello, world". You'll want to cd to your source control directory (i.e. ${GOPATH}/src/github.com/briandowns) where you'll need to create a new directory called "hello". In the newly created "hello" directory, use your favorite editor and create a file named "main.go". Add the text below to the file.

package main

import (
	"fmt"
)

func main() {
	fmt.Println("hello, BSD!")
}

Listing 1.

package main

import (
	"log"
	"os"

	"github.com/go-fsnotify/fsnotify"
)

var watchDir = "/usr/local/directory_of_interest"

var logPath = "/usr/local/var/log/dir_logger.log"

func main() {
	os.Exit(realMain())
}

func realMain() int {
	// open up our log file
	f, err := os.OpenFile(logPath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
	if err != nil {
		log.Println(err)
		return 1
	}
	// close the file cleanly when function exits
	defer f.Close()

	// set the log file as the logging endpoint
	log.SetOutput(f)

	// setup the new watcher
	watcher, err := fsnotify.NewWatcher()
	if err != nil {
		log.Println(err)
		return 1
	}
	// make sure the watcher is closed cleanly
	defer watcher.Close()

	// used to keep realMain alive while the goroutine below runs
	done := make(chan bool)

	// start the goroutine and have it listen for events
	go func() {
		for {
			select {
			case event := <-watcher.Events:
				log.Println("event:", event)
			case err := <-watcher.Errors:
				log.Println("error:", err)
			}
		}
	}()

	// add the configured dir to the watcher
	err = watcher.Add(watchDir)
	if err != nil {
		log.Println(err)
		return 1
	}

	// block here; without this the program exits before any event is logged
	<-done
	return 0
}

At this point, save and close the file. We can now either build the file or execute it without building. We have three choices of how to proceed.

# build and run from a temporary location
$ go run main.go

or

# build a binary and run
$ go build && ./hello

or

# build, move binary to bin dir and run
$ go install && rehash && hello

Congratulations! You've just written your first Go program on BSD. Not fulfilled? I know.... There are a lot of utilities in the ecosystem that could use an upgrade. A lot of them are written in C or C++ which is a lot more

Listing 2. 

#!/bin/sh 
# 

# PROVIDE: dir_logger
# REQUIRE: syslog
# KEYWORD:

. /etc/rc.subr
name="dir_logger"
lelenelig= Cl ite 7 hoeciere ieinvelollia” 


command="/usr/local/bin/dir_logger"


cling Meyelcisie Us Sie ie oro 





start_cmd="/usr/sbin/daemon -f -u $dir_logger_user $command"

load_rc_config $name


2 Sricliie llcrerefsie Siavellolis = S101) | 


run_rc_command "$1"





verbose and more difficult to maintain over time than Go 
code. So go rewrite something and see how it turns out. 


FreeBSD Specific Applications

There are a number of great BSD specific applications, tools, and utilities being written in Go; however, I've found one to be extremely interesting and promising, too: JetPack (https://github.com/3ofcoins/jetpack). From the site, "Jetpack is an experimental and incomplete implementation of the App Container Specification for FreeBSD. It uses jails as isolation mechanism, and ZFS for layered storage."

An amazing package is fsnotify (https://github.com/go-fsnotify/fsnotify). It makes interacting with file system kernel events (kqueue) extremely simple. Below is an example that outputs an event when one happens in the configured directory (see Listing 1).

This is great if we want to execute it each time we're expecting a series of events we might want to watch for, but it's not very sustainable. To ease this burden, a simple startup script can be added to /usr/local/etc/rc.d which uses the FreeBSD RC system (https://www.freebsd.org/cgi/man.cgi?query=rc.subr). To finalize this, just add dir_logger_enable="YES" to the /etc/rc.conf file (see Listing 2).

A big part of building CLI applications is being able to parse command line arguments. Go comes with a really simple to use package called "flag" to help you do that. Below is an example of an application that will read the arguments given and print them back out (see Listing 3).


Listing 3.

package main

import (
	"flag"
	"fmt"
)

var (
	firstFlag string
	lastFlag  string
	ageFlag   int
)

func init() {
	// register the flags before main() parses them
	flag.StringVar(&firstFlag, "f", "", "your first name")
	flag.StringVar(&lastFlag, "l", "", "your last name")
	flag.IntVar(&ageFlag, "a", 0, "your age")
}

func main() {
	flag.Parse()
	fmt.Printf("Hello, %s %s. You are %d years old.\n",
		firstFlag, lastFlag, ageFlag)
}
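Listing 1 hard-codes the watched directory and the log path, and Listing 3 shows flag parsing. The following is an added example, not code from the article, that uses only the standard library to make both paths command line options of dir_logger and goes beyond the article by validating them and opening the log without following symlinks; the flag names -d and -l, the Config type and the parseConfig and openLog helpers are assumptions made for this example.

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"syscall"
)

// Config replaces the package-level watchDir and logPath of Listing 1.
type Config struct {
	WatchDir string
	LogPath  string
}

// absPath is a flag.Value that accepts only clean, absolute paths, so a daemon
// started from rc.d never resolves a path against its working directory.
type absPath string

func (p *absPath) String() string { return string(*p) }

func (p *absPath) Set(v string) error {
	if !filepath.IsAbs(v) {
		return fmt.Errorf("%q is not an absolute path", v)
	}
	if c := filepath.Clean(v); c != v {
		return fmt.Errorf("%q is not canonical, use %q", v, c)
	}
	*p = absPath(v)
	return nil
}

// parseConfig parses args (normally os.Args[1:]); -d and -l are hypothetical names.
func parseConfig(args []string) (Config, error) {
	watch := absPath("/usr/local/directory_of_interest")
	logp := absPath("/usr/local/var/log/dir_logger.log")

	fs := flag.NewFlagSet("dir_logger", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // errors are returned to the caller, not printed
	fs.Var(&watch, "d", "directory to watch (absolute path)")
	fs.Var(&logp, "l", "log file (absolute path)")
	if err := fs.Parse(args); err != nil {
		return Config{}, err
	}
	if fs.NArg() != 0 {
		return Config{}, fmt.Errorf("unexpected argument %q", fs.Arg(0))
	}

	// Lstat does not follow a final symlink, so a link sitting where the
	// watched directory should be is rejected instead of being followed.
	fi, err := os.Lstat(string(watch))
	if err != nil {
		return Config{}, err
	}
	if !fi.IsDir() {
		return Config{}, fmt.Errorf("%s is not a directory", watch)
	}
	return Config{WatchDir: string(watch), LogPath: string(logp)}, nil
}

// openLog opens the log for appending. O_NOFOLLOW refuses a symlink as the last
// path component; 0640 keeps a newly created file closed to "other" users.
func openLog(path string) (*os.File, error) {
	flags := os.O_WRONLY | os.O_CREATE | os.O_APPEND | syscall.O_NOFOLLOW
	f, err := os.OpenFile(path, flags, 0640)
	if err != nil {
		return nil, err
	}
	fi, err := f.Stat()
	if err != nil {
		f.Close()
		return nil, err
	}
	if !fi.Mode().IsRegular() {
		f.Close()
		return nil, errors.New(path + " is not a regular file")
	}
	return f, nil
}

func main() {
	cfg, err := parseConfig(os.Args[1:])
	if err != nil {
		fmt.Fprintln(os.Stderr, "dir_logger:", err)
		os.Exit(2)
	}
	f, err := openLog(cfg.LogPath)
	if err != nil {
		fmt.Fprintln(os.Stderr, "dir_logger:", err)
		os.Exit(1)
	}
	defer f.Close()
	fmt.Fprintf(f, "watching %s\n", cfg.WatchDir)
}
```

The returned Config.WatchDir and the file from openLog can be handed to watcher.Add and log.SetOutput in Listing 1 in place of the hard-coded values.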

There are a number of packages to do a lot more with your command line parameters. The two most popular are http://github.com/mitchellh/cli and http://github.com/codegangsta/cli. Both of these packages offer great features worth looking at.

FreeBSD makes for a powerful development workstation. With an ample amount of packages providing the ability to get very low level with the system, an extremely simple installation and upgrade process, and simple syntax, Go is a great language to interact with and build applications for FreeBSD.


Brian Downs 
briandowns.github.io 
github.com/briandowns 
@bdowns328 
BSD Certification





The BSD Certification Group Inc. 
(BSDCG) is a non-profit organization 
committed to creating and 
maintaining a global certification 
standard for system administration 
on BSD based operating systems. 





@ WHAT CERTIFICATIONS ARE AVAILABLE? 


BSDA: Entry-level certification suited for candidates 
with a general Unix background and at least six months of 
experience with BSD systems. 


BSDP: Advanced certification for senior system administrators 
with at least three years of experience on BSD systems. 
Successful BSDP candidates are able to demonstrate 

strong to expert skills in BSD Unix system administration. 


@ WHERE CAN I GET CERTIFIED?


We're pleased to announce that after 7 months of 
negotiations and the work required to make the exam 
available in a computer based format, that the BSDA 
exam is now available at several hundred testing centers 
around the world. Paper based BSDA exams cost $75 USD. 
Computer based BSDA exams cost $150 USD. The price of 
the BSDP exams are yet to be determined. 


Payments are made through our registration website: 
https://register.bsdcertification.org//register/payment


@ WHERE CAN I GET MORE INFORMATION?


More information and links to our mailing lists, LinkedIn 
groups, and Facebook group are available at our website: 
http://www.bsdcertification.org 


Registration for upcoming exam events is available at our 
registration website: 
https://register.bsdcertification.org//register/get-a-bsdcg-id
Interview with Brian Callahan
By Tae re Zao Gu ieaa 


Brian is a Ph.D. student in the Science and Technology Studies department at the Rensselaer Polytechnic Institute in Troy, NY.


BSD Magazine: Where did the idea of Devio.us come from? What is it about?

Brian Callahan: Devio.us began back in 2010 when some friends got together with the idea of starting a shell service. Being big fans of OpenBSD, they decided to use it as the base of their service, and Devio.us was born.

Devio.us offers a number of services for our users including personal web space, email, an IRC cloak, and even their own personal gopherhole! It is a special mix of retro and modern, blended into a culture and a community that is passionate about *BSD. Since opening in 2010, nearly 6,000 people have gotten accounts with just under 4,000 users still active.

Today, Devio.us has a unique mission: it is both a free OpenBSD-based shell service provider and an online *BSD user group. This mission is accomplished by our critical devotion to building and maintaining our community. We try to be a bridge between those coming to *BSD for the very first time and seasoned developers, and everyone in between. As a community, we are really proud of all the work our users have accomplished. A number of OpenBSD developers got their start on Devio.us, and we work tirelessly to have a community where people can come together regardless of where they are in their *BSD journey and foster an environment of encouraging *BSD development--from the four main *BSD projects to small side projects for inclusion into ports trees.

Going forward, Devio.us is looking at a multi-dimensional expansion beyond just OpenBSD. The rebranding of the service, the addition of an online *BSD user group to our activities, coincided with our recent talk about the technical and social lessons learned running Devio.us at vBSDcon 2015. This means that we are actively increasing our advocacy to encompass all the BSDs. With the increased technical advocacy joins increased social diversity: Devio.us is hoping to become a model for inclusion in tech communities, not just in raw demographics but in understanding of why diversity matters on a technical and social level. We would also love to help make this a reality.


BSD Mag: That is really interesting — what kind of social lessons did you learn running Devio.us?

BC: The main lesson, which I use to end the vBSDcon talk, is to care less about your technology and more about your people. The best technology in the world will not create a community. But if you focus on creating a community in which everyone feels like they have ownership over it in some way, that can forgive even some bad technology. I think one of the primary reasons we have had to remove so few people is because our community understands that harming the server, the technology, does not just harm the admins but also themselves, their friends, and the whole community. Our users are our best policy enforcers. They understand that Devio.us is our collective home and they are willing to spend the time and energy protecting it.


BSD Mag: Is there any philosophy behind Devio.us?

BC: Probably not so much at the beginning, but I only became an administrator in 2013! As I understand it, the philosophy in the early years was simply to show how great OpenBSD was and how easy it was to run a shell service using it.

Since joining the admin team, I have used Devio.us to think about what inclusion and diversity mean in open source and tech more broadly. This is certainly a reflection of my day job as a social scientist! So if we have any philosophy today, I would say it is to be a *BSD success story making other *BSD success stories and to be a space that is always reflecting on who we are missing out on, why they matter, and figuring out how to improve our community and ourselves in that regard.


BSD Mag: What do inclusion and diversity in tech and security mean to you? Do you think that those fields are more open than others, or is it about different criteria for inclusion?

BC: Open source still suffers from a gross lack of women and other minority voices. More so than the tech industry at large. The many initiatives to remedy this are awesome and often awe-inspiring. The beauty of seeking diversity is that you bring in people with vastly different experiences and skill sets, who can both see and fix problems that you cannot, as well as offer new perspectives to strengthen the code and the community.

In that regard, changing the demographics in and of themselves, while vitally necessary, is not the final step. One could easily imagine a scenario where diversity is done right "on paper" but nothing has changed where it fundamentally matters. So we have to get it right on paper as well as getting those diverse voices into situations and conversations that matter, so that all that expertise and experience is a part of the process and the product.

It is not always a popular opinion to have. But open source likes to talk about how it is open for everyone to participate. It is long past time to make that talk a reality. Devio.us should be a place where talk and action come together.


BSD Mag: Who are your users? What topics do they like the most?

BC: I would say we have a fairly typical user base, the one uniqueness is the dedication to the *BSD family of operating systems. Hopefully, that will change in the future.


BSD Mag: You've already mentioned expanding Devio.us beyond *BSD - can you tell us what direction will this take?

BC: We want to expand beyond OpenBSD, to include all the BSDs. All the *BSD user groups that have been around a decade or more have done so by being *BSD agnostic. We want Devio.us to have a nice long life, so becoming *BSD agnostic ourselves is one of the ways of doing that.

The best examples to point out are whenever a new OpenBSD snapshot is released, one of our bots in the #devious IRC channel will announce it. Also, every OpenBSD developer in the channel gets a shout out from the bot when they make a commit. Every *BSD developer who is a part of Devio.us--regardless of what project she or he works on--should get a shout out when a commit is made. And we should announce all the releases and snapshots for all the BSDs. That is one small way we can start being more *BSD agnostic. I am sure there will be more changes in the future, and we are appreciative to anyone who has ideas for how we can do things better.


BSD Mag: Your name - devious, where is it from? Who would you like to outsmart?

BC: Unfortunately, the story behind the domain name is not so interesting: the founders of Devio.us noticed that the domain was available and they thought it would be a fun domain name to have!


BSD Mag: You have many rules regarding community. Are users problematic?

BC: It looks like we have more rules than we really do. Everything can be reduced to two main rules: 1. do not leave a mess for the admins to clean up, and 2. try to be a part of the community. I think rule 2 is the more important rule. It is what has kept Devio.us around for as long as it has been and is why we have seen the community grow larger and stronger. Devio.us is not just some box that you can SSH into, run your IRC bouncer, and never think about again. We want users who will be invested in and take ownership of Devio.us. Our users care about the service and want to see the service grow with them. This is why we forbid things like IRC bouncers. We want people. Bots are not people.

In all of Devio.us, we have removed 177 users. And that number does not paint an accurate picture. Most of those 177 users emailed us asking if we would remove their account because they did not think they would be using it any more. We are always sad to see people go, but understand that some people want to leave. So when we get those requests, we do delete the account but it adds to the counter we keep of users removed.

I would guess that the actual number of users removed for breaking rules is quite low. Probably not more than 20.


BSD Mag: So they have to become friends with you first?

BC: That is one way to look at it. I think, though, the community as a whole sees it as welcoming someone new into the community before that person gets an account. The interesting thing is that most newcomers on IRC who say they want an account get answered quickly not by an admin, but usually by a regular community member who will give the newcomer the broad overview of who we are and what we are about. The one thing this requirement, which is new, has done for us is cut down on the number of applications by people who do not want to be part of the community. They come to IRC, notice that we are a different kind of shell service, and leave without submitting an application because they realize that running a bot and leaving is not something they can do with us.


BSD Mag: Devio.us is for free. What do you think about open source?

BC: It is important that Devio.us always be available to our users for free. Access to a community can never be dependent on one's ability to pay: doing otherwise would run counter to our goals of technical and social inclusion. As for open source, we love it! We would never be able to do Devio.us without it. Open source lets us focus on building our community and not have to worry about software suddenly breaking. Plus, with the six month release cycle of OpenBSD, and the binary updates available from M:tier's free service, we can be sure that not only will software not suddenly break but it is also receiving regular security updates. That protects us and our users. Devio.us is an open source, *BSD success story with a very exciting future. We hope you will join us!


BSD Mag: There is a note that you are not interested in any info about the users, but to make an account, you have to fill everything in, together with name and e-mail address, etc. So how does it work?

BC: We do ask for a few things on the sign-up form: your name, an email address for us to send you an auto-generated password should you get accepted for an account, your desired username, what default shell you want, how you heard about us, who you chatted with in IRC, and what you plan on doing with the account. This is mostly again to rule out those who just want a place to put an IRC bouncer.

I do understand that not everyone will feel comfortable entering their real name in the form. In that case, please reach out to me either by email or Twitter. We can always be accommodating for those who need. And if there are more ways we can make the process better, we want to hear that too!


BSD Mag: Give our readers your contact details!

BC: If you want to reach out to the admins, admins@devio.us.

Me, personally, I can be found at bcallah@devio.us or on Twitter @__briancallahan.


BSD Mag: Any thoughts or advice you would 
like to share with our audience? 

BC: Short but sweet: don’t forget to have fun, and don't be 
afraid to challenge yourself and be challenged by others. 
It's about the journey, not the destination. 


BSD Mag: Thank you for talking with us. 
BC: Thank you! 
Thanks for interviewing me! 


Brian Callahan 


Brian is a Ph.D. student in the Department of Science and Technology Studies at Rensselaer Polytechnic Institute in Troy, NY. His research interests focus on the intersections of Open Source and Social Justice, and include using Open Source software to teach STEM to underprivileged K-12 students and understanding and aiding the efforts to increase diversity and inclusion in Open Source. A former OpenBSD developer, Brian is involved in many facets of the *BSD community, including being a member of the admin group for the New York City *BSD User Group (NYC*BUG), the Capital District *BSD User Group (CDBUG), and the Devio.us shell provider, giving talks at various *BSD conferences, and teaching *BSD to undergraduate students at RPI.
COLUMN


Among certain sections of the marketing, editorial and certainly advertising communities, the use of Ad blockers is considered immoral, and in some cases users have been accused indirectly of theft. Are these users leeches or just more savvy netizens?


My dear father, who shuffled off this mortal coil some time ago, was a pragmatist. "Son", he would say, "If there is something on television you don't like there is always the off button". Apart from being staunchly independent, his commitment to freedom of speech was unquestionable, but more to the point, his belief in the freedom of silence was as well.


One of the most irritating facets of modern life is the way that our personal boundaries are constantly under attack. Be it by marketeers, scammers or even hackers, the days of posting a "No circulars" sign next to your mailbox and expecting privacy are over. Irrespective of communications medium, be it postal, telephone, television, email, website or even the humble till or parking receipt, we are bombarded with the shrill but persistent siren call of those that want to grab our attention, or more accurately — our wallet. This deluge of disconnected imagery and words is rarely targeted creatively or effectively, despite the valiant attempts of advertisers to categorise by socio-economic class and the multitude of tools and data they have at their disposal. Hence the major growth in "loyalty cards", a disingenuous term at best, as often the information gleaned from such data gathering exercises is sold off to other third parties. Woe betide the day when technology advances far enough for neural implants to monitor our emotions, something not too far fetched considering the implants already being developed [1].


The whole advertising issue boils down to one simple fact — privacy. As a sentient, unique individual, while I fully appreciate the need for developing brand identity and getting the message across about the efficacy or affordability of a product or service, at the same time I deeply value boundaries and my own personal space. An Englishman's home is his castle, and in particular what seeps in from the outside world to my eyes and ears is important to me. If I am in the market for an electric spaghetti fork I will type the magic words into Google or Amazon. I don't want to see that advert everywhere I go on the web. But it is brand awareness the marketeers will say is important, by continually bombarding our subconscious with XYZ the hope is that the particular product or manufacturer will float to the top when we are ever in need of their services.


To quote Edward Bernays, the father of public relations, the whole matter revolves around the engineering of consent. This somewhat sinister definition reeks on many counts, at the very least implying that consent was not present in the first place. It is no wonder that the term Public Relations was adopted to refer to this form of well researched social psychology rather than the more visceral and accurate title "Propagandist in Chief".


If the truth be known then, mass-market advertising does 
work. Unfortunately though, it is based on the foundation 
of sleight of hand and manipulation. As adults, we are of- 
ten only consciously aware of this fact intermittently, as 
the power of repetition has the uncanny knack of short-circuiting 
the conscious mind and travelling direct to our subconscious. 
As we are then heading towards the area of 
the spiritual, this is very sensitive ground indeed. The pictures 
and associations I want in my inner psyche should 
be up to me; I should be allowed to choose to absorb or 
be up to me, | should be allowed to choose to absorb or 
not as the case may be. However, when the blanket level 
of saturation reaches the point that we cannot ignore this 
intrusion, as individuals we hit critical mass and actively 
reject the message along with both baby and bathwater. 
Think compassion fatigue. And a totally counterproductive 
experience for the advertiser as well. 


Unfortunately for the marketing industry, consumers are 
becoming much more aware of the subtle and not so subtle 
techniques being used. A considerable percentage of the 
population are abandoning the traditional media (newspa- 
pers and television) for the vast expanse of the Internet, 
where the electric spaghetti fork enthusiast will find a spe- 
cialist website dedicated to his or her needs. But alas, our 
enthusiast has an ad-blocker installed. How will they dis- 
cover the latest model or find out about that neoprene-lined 
velvet accessory cover for their fork? By word of mouth and 
recommendation — undeniably the best form of advertising 
that there is. Here lies the conundrum behind advertising 
— it has no credibility other than sheer weight of presence. 
If I were an alien from the planet Zorg, I would be unable 
to make any decision regarding the credibility and integrity 
of a product against a competing item. However if I were 
to ask an earthling on a specialist forum what is the best 
fork, while it might result in a plethora of opinions, hopefully 
there would be some consensus amongst the group based 
on experiential data rather than just sheer hype. That is not 
to say that adverts are dishonest as such, rather the major- 
ity — by their sheer nature — are designed to be superficial 
and all encompassing so that they reach the widest pos- 
sible audience. It is not until you get into the arena of high 
quality and very expensive advertising campaigns that you 
reach the point of actually admiring or appreciating the ad- 
vertising. It is generally the shotgun, rather than the sniper 
rifle approach. And I resent being collateral damage. 


Hence the wrath of those denied access to my eyes 
via my browser. While it could be argued that there 
is no technical solution to television advertising (personally 
I use the fast forward button and rarely watch live TV, 
only recordings), our PCs, laptops and mobile devices 
are considered much more personal and intimate devices. 
Of course there is the argument that by running an ad 
blocker I am denying the owner of the website 
advertising revenue, but this is a specious argument. Even if I 
was not running an ad blocker I would not be clicking on 
the ad. So the only true beneficiary is not really the advertiser 
(who if they were that desperate to make their product 
or company appeal would be more engaged with the 
website owner, e.g. free evaluations or sponsorship) but 
the industry behind the advertising and the corresponding 
click-through. After all, most of the ad blockers work on 
denying access to the content delivery networks, and from 
a security perspective that is no bad thing considering the 
amount of malware and trackers that are attacking browsers 
these days. If an advertiser is so offended by ad blockers 
and alleged loss of revenue, why not put up a paywall 
and restrict access to paying visitors only? They would 
then quickly discover the real rather than the perceived 
value of their content. Rather than patronising and offend- 
ing their audience, the marketeers would be better served 
finding creative ways of engaging with their target audi- 
ence in a way that stimulates interest and debate, rather 
than trying to jam their foot in the gap and getting the tech- 
nological door slammed in their face as a consequence. 


So the gloves are off as far as the marketing sector is 
concerned and by choosing not to download their unsolic- 
ited click-bait, more and more sites are preventing access 
if they detect ad blockers in use. That's fine by me, for it 
demonstrates that they are more interested in selling to 
me than informing me, more concerned with catching my 
eye than engaging my mind, but most crucially of all they 
have devalued their core product and closed the window 
of opportunity for a word of mouth recommendation. If the 
Internet at large is to continue as a communal free space, 
it needs to look at a different model for raising revenue. 
People are catching on to the maxim “If it is free you are 
the product”. While the majority are fine with tasteful, cre- 
ative, discreet, secure and unobtrusive advertising (my- 
self included), when the line is crossed into the territory 
of “You will watch our propaganda” I do what the majority 
of Britons do when an advert appears on commercial television. 
I go and make a cup of tea. 




[1] http://www.nature.com/news/injectable-brain-implant-spies-on-individual-neurons-1.17713 








Rob Somerville has been passionate about technology since 
his early teens. A keen advocate of open systems since the mid-eighties, 
he has worked in many corporate sectors including finance, 
automotive, airlines, government and media in a variety of roles 
from technical support, system administrator, developer, systems 
integrator and IT manager. He has moved on from CP/M and nixie 
tubes but keeps a soldering iron handy just in case. 